Cyware Daily Threat Intelligence, July 05, 2019

See All
Several new security incidents, malware strains, and vulnerabilities were reported in the last 24 hours. A fake Android app, ‘Updates for Samsung - Android Update Versions’ that claims to provide firmware updates for Samsung users, redirects users to an ad-filled website after the installation. This app has over 10 million installations.

TA505 threat group has been found using a new malware tool called Gelup and a backdoor known as FlowerPippi in its latest campaign. This campaign is targeting countries such as the United Arab Emirates, Saudi Arabia, India, Japan, Argentina, the Philippines, and South Korea. 

Apart from these, numerous vulnerabilities were also reported. Monero has disclosed nine security vulnerabilities that could allow attackers to steal XMR from cryptocurrency exchanges. Meanwhile, researchers have detected SACK Panic and SACK Slowness Linux kernel vulnerabilities in VMware that impacts at least 30 VMware products.

Top Breaches Reported in the Last 24 Hours

St. John Ambulance ransomware attack
St. John Ambulance, UK’s leading first aid charity suffered a ransomware attack. The incident has impacted everyone who opened an account, booked or attended a St. John Ambulance training course till February 2019. The data includes names of those who booked and attended the course, course details, contact information, costs, invoicing details, and driving license data. However, no credit card details or customer passwords were compromised.

7-Eleven customers lose around $500,000
Attackers hacked 7-Eleven Japan’s 7pay customer accounts and made fraudulent payments on almost 900 customers incurring a collective loss of ¥55 million ($510,000). The incident was caused by a security lapse in the company's mobile payment app, 7pay which was launched on July 01, 2019.


Top Malware Reported in the Last 24 Hours

TA505 uses a new malware tool and a backdoor
Researchers observed TA505 threat group’s new campaign targeting countries such as the United Arab Emirates, Saudi Arabia, India, Japan, Argentina, the Philippines, and South Korea. In this campaign, the group uses a new malware tool named Gelup and a new backdoor dubbed FlowerPippi. The Gelup tool also uses the packer of FlawedAmmyy RAT.


Top Vulnerabilities Reported in the Last 24 Hours

Monero discloses nine vulnerabilities
Monero cryptocurrency exchange has disclosed nine security vulnerabilities that could allow attackers to steal XMR from cryptocurrency exchanges. Among the nine security flaws, five of them could result in Denial of Service (DoS) attacks. The cryptocurrency exchange has patched eight of these vulnerabilities. 

SACK Panic and SACK Slowness vulnerabilities
Researchers have detected SACK Panic and SACK Slowness Linux kernel vulnerabilities in VMware that impacts at least 30 VMware products. The vulnerabilities could be exploited by an attacker to launch a denial-of-service (DoS) attack and reboot vulnerable systems. Impacted products include AppDefense, Container Service Extension, Enterprise PKS, Horizon, among others. 

Top Scams Reported in the Last 24 Hours

Sextortion scam
The U.S. Federal Bureau of Investigation (FBI) issued a warning on Twitter about sextortion campaigns. The FBI stated that this campaign targets young people throughout the United States. The agency also advised teenagers and young adults to not send photos to strangers.

Fake Android app scam
A fake Android app that claims to provide firmware updates for Samsung users redirects users to an ad-filled website after the installation. The app named ‘Updates for Samsung - Android Update Versions’ has over 10 million installations and is still available in the Google Play Store.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, July 08, 2019
Next
Cyware Daily Threat Intelligence, July 04, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.