Cyware Daily Threat Intelligence, July 09, 2020


In the fast-paced world of cybersecurity, cybercriminals are constantly on the move, launching large-scale and sophisticated attacks using new variants of existing malware. In the past 24 hours, security researchers have detected new variants of the Joker spyware and the Mirai botnet in the wild. While the new Joker version is capable of downloading additional malware to infected devices, the Mirai variant carries exploits for nine vulnerabilities, including a recently discovered command injection vulnerability affecting Comtrend routers.

A new ransomware with an unusual encryption capability has also been discovered in the last 24 hours. Named Conti, it uses up to 32 simultaneous CPU threads to encrypt files on infected computers. The ransomware also uses the Windows Restart Manager to ensure that all files can be encrypted.

Top Breaches Reported in the Last 24 Hours

15 billion credentials on sale
Over 15 billion credentials have been put up for sale on the dark web. These stolen credentials were collected from over 100,000 discrete data breaches, and 5 billion of them are unique. Some of these credentials are login details for domain administrators, while the rest can be used to gain access to an individual's bank account or system.

Top Malware Reported in the Last 24 Hours

New Mirai variant
A new Mirai variant, named IoT.Linux.MIRAI.VWISI, includes exploits for nine vulnerabilities in its arsenal. The most notable among them is CVE-2020-10173, which affects Comtrend VR-3033 routers. Remote attackers can use this vulnerability to compromise the network managed by the router.

New Joker variant
A new variant of the Joker spyware has been found being distributed through a seemingly legitimate app on the Google Play Store. This updated version is capable of downloading additional malware to the device, which subscribes users to premium services without their knowledge.

New Conti ransomware
A new ransomware named Conti has been found using up to 32 independent CPU threads to encrypt files on infected computers. Another new technique used by the ransomware is the Windows Restart Manager, which it invokes to ensure that all files can be encrypted.

Pre-installed malware
Researchers reported that UL40 smartphones ship with preinstalled malicious apps. The apps in question are a Settings app and the Wireless Update app. Both apps contained the Android/Trojan.Downloader.Wotby.SEK malware.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches flaws
Google has addressed several critical Android vulnerabilities in its July 2020 updates. The most severe of the flaws affects the System component and could allow an attacker to execute code with high privileges via a specially crafted file. Other flaws in the update affect the Media Framework and System components.

Flawed ultrasound systems
Federal authorities have issued security advisories for a vulnerability in ultrasound systems from Philips. Described as an authentication bypass issue, the flaw can be exploited to allow an attacker to view or modify information. It affects various versions of the ClearVue, CX, EPIQ, Sparq, and Xperius products.

Palo Alto fixes a flaw
Palo Alto Networks has fixed another severe flaw in PAN-OS devices. Described as an OS command injection flaw and tracked as CVE-2020-2034, it can allow remote attackers to execute arbitrary OS commands with root privileges on unpatched devices.

NVIDIA fixes code execution bug
NVIDIA has addressed a code execution bug in its GeForce Experience (GFE) software. The flaw, tracked as CVE-2020-5964, can allow attackers to compromise systems remotely. It can be abused with the help of malicious tools delivered to systems running vulnerable GFE versions.

Top Scams Reported in the Last 24 Hours

HSBC phishing scam
People in the U.K. are being targeted by a new phishing scam that appears to come from HSBC. The scam begins with a fake text message informing recipients that a new payment has been made through the HSBC app on their phone. Recipients are then redirected to a fake website that claims to verify the victim's bank account.

Office 365 phishing
Microsoft Office 365 users are being targeted in a new phishing campaign that uses fake Zoom account suspension alerts. In a separate incident, threat actors are using fake Office 365 OAuth applications to trick users into granting access. The ultimate goal of both scams is to steal credentials from Office 365 users.

Tags

mirai iot botnets
nvidia geforce
conti ransomware
microsoft office 365 users
joker spyware

Posted on: July 09, 2020
