Cyware Daily Threat Intelligence, July 10, 2019

The notorious Trickbot trojan, which has been around since 2016, is back with new tricks up its sleeve. Security experts have unearthed a new variant of this banking trojan that includes a custom proxy module derived from the IcedID trojan. This variant can allow attackers to launch web injection attacks in web browsers.

The past 24 hours also saw the emergence of new ransomware named ERIS, which propagates through the RIG exploit kit. The malware appends the .ERIS extension to the files it encrypts.

Security updates to address critical vulnerabilities were also published in the past 24 hours. While Microsoft’s Patch Tuesday has addressed a total of 77 major vulnerabilities, Intel has issued a security patch for a high-severity flaw in its processor diagnostic tool. Likewise, security updates from Adobe have addressed vulnerabilities found in its Bridge CC, Experience Manager, and Dreamweaver products.

Top Breaches Reported in the Last 24 Hours

PFCU confirms fraudulent transactions
The Philadelphia Federal Credit Union (PFCU) has witnessed a string of fraudulent transactions over the weekend. It is estimated that up to 400 customers have been affected in this incident, with some experiencing more than one withdrawal, each ranging between $200 and $500. PFCU has promised to reimburse the amounts once the investigation is complete.

Nemadji Research Corporation breached
Nemadji Research Corporation has suffered a phishing attack affecting the personal information of 14,591 patients of the LA County Department of Health Services. The data exposed in the attack includes patients’ names, addresses, dates of birth, medical record numbers, and Medi-Cal identification numbers.

Top Malware Reported in the Last 24 Hours

ERIS ransomware
ERIS ransomware is a newly discovered ransomware that spreads through the RIG exploit kit. Once installed, the ransomware encrypts victims’ files and appends the .ERIS extension to them. Each encrypted file carries the marker _FLAG_ENCRYPTED_ at its end as proof that it has been encrypted.

Trickbot evolves
The Trickbot trojan has evolved to include a custom proxy module derived from the IcedID trojan. The added proxy module can enable web injection attacks in popular web browsers. The malware variant is distributed via a malicious Office Word document.

Powload malware
Attackers are using social engineering techniques to trick users into opening an email attachment that contains malicious macros, which deploy the Powload malware. The malware uses XML-based documents to evade detection. Most of the samples analyzed are compatible with Microsoft Word 97-2003.

Top Vulnerabilities Reported in the Last 24 Hours

Intel patches flaw
Intel has patched a high-severity flaw in its processor diagnostic tool. The vulnerability is tracked as CVE-2019-11133 and scores 8.2 on the CVSS scale. The flaw can allow an attacker to gain privileged access and launch a denial-of-service attack on affected devices. It impacts versions of the diagnostic tool prior to 4.1.2.24.

Microsoft fixes 77 issues
As part of its Patch Tuesday, Microsoft has released security updates to patch 77 security flaws, including two zero-day flaws (CVE-2019-0880 and CVE-2019-1132), both of which are privilege escalation issues. Fifteen of the 77 issues have been rated ‘critical’. The flaws affect a wide range of Microsoft products, such as Exchange Server, .NET Framework, Azure, Azure DevOps, Internet Explorer, and the Graphics component.

Prototype Pollution flaw
The recently discovered Prototype Pollution flaw has been found to impact all versions of the Lodash library. The flaw, tracked as CVE-2019-10744, can cause an application to crash or change its behavior when it does not receive the values it expects.
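As an added illustration (not Lodash’s own code and not a copy of the CVE-2019-10744 fix), the block below puts a minimal recursive merge carrying the same class of defect next to a hardened version that refuses keys able to reach the prototype chain; `unsafeMerge`, `safeMerge`, `demo` and the payload are all constructed here.

```javascript
// Added illustration, not Lodash's code: a minimal recursive merge with the same
// class of defect. JSON.parse keeps "__proto__" as an ordinary own key, so a merge
// that trusts incoming keys walks through target.__proto__ into Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      // target["__proto__"] resolves to Object.prototype, which is then merged into.
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: refuse keys that can reach the prototype chain and only descend
// into properties the target actually owns, never into inherited ones.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payload, the shape an untrusted JSON body could take.
const PAYLOAD = JSON.parse('{"name": "demo", "__proto__": {"isAdmin": true}}');

// Merge the payload into a fresh object, then ask an unrelated object whether it
// now inherits isAdmin: true means Object.prototype was polluted.
function demo(mergeFn) {
  const config = mergeFn({}, PAYLOAD);
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // reset so each call starts from a clean prototype
  return { ownName: config.name, leaked };
}

console.log('unsafe leaked:', demo(unsafeMerge).leaked, 'safe leaked:', demo(safeMerge).leaked);
```

The `leaked` flag is the behavior change the advisory describes: after the unsafe merge, every object in the process inherits `isAdmin`, so any check that reads a property it never set will go wrong.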

Adobe fixes security issues
Adobe’s Patch Tuesday updates have addressed vulnerabilities found in the company’s Bridge CC, Experience Manager, and Dreamweaver products. The flaws impacting these products are a cross-site scripting vulnerability and a cross-site request forgery flaw.

Icegram plugin flaw
Icegram plugin versions prior to 1.10.28.2 are affected by a cross-site scripting flaw that can allow an attacker to inject malicious content into a site. The plugin has over 40,000 installations, and an attacker with a subscriber account can leverage this vulnerability. The flaw has been patched in version 1.10.29.

Top Scams Reported in the Last 24 Hours

Get-rich-quick schemes
Scammers are impersonating high-profile personalities to extract personal information from users. Posing as a well-known celebrity, the scammers send private messages to unsuspecting people on social media or via email to promote ‘get-rich-quick schemes’. The fake message includes a form to become a member of ‘Virgin Group Worldwide’, which would supposedly make the recipient eligible for some kind of financial assistance. The form asks for users’ personal information and an administration fee. Apart from impersonating celebrities, the scammers are also using fake advertisements to promote ‘get-rich-quick schemes’.

Posted on: July 10, 2019