Cyware Daily Threat Intelligence, July 14, 2020

The increased adoption of virtual meeting tools during the pandemic has paved the way for new threats in the cyber landscape. Following the discovery of several vulnerabilities, researchers have now disclosed that meeting screenshots publicly available on social media can be abused to extract personal details of users, including their gender and full names. The issue affects Zoom, Microsoft Teams, and Google Meet.

A new variant of Panther ransomware and a new AgeLocker ransomware were also spotted in the last 24 hours. While the new Panther version uses RSA and AES algorithms, the AgeLocker ransomware makes use of an ‘Age’ encryption tool to encrypt victims’ files.

Top Breaches Reported in the Last 24 Hours

142 million records on sale
An advertisement on a hacker forum has put around 142 million personal records, associated with guests of MGM Resorts hotels, on sale. The whole database is being sold for more than $2,900. The leaked data was reportedly obtained from the breach that occurred at DataViper.

4.8 million records on sale
An unsecured database containing a trove of 4.8 million records was put on sale on a dark web forum. The data was stolen from a site belonging to a popular U.K. ticketing provider. A hacker named ‘Jamescarter’ sold the details for $2,500, with a [.]ru contact email. The records include login details of users.

LiveAuctioneers reports breach
LiveAuctioneers has disclosed a data breach after a hacker began selling 3.4 million stolen user records on a hacker forum. According to the breach notification, the site’s data was compromised on June 19, 2020. The firm has claimed that no payment details were affected by the breach.

Collabera attacked
The U.S.-based IT consultancy giant, Collabera, has been hit by a ransomware attack. Hackers have exfiltrated details of some of its employees, including names, addresses, social security numbers, dates of birth, and immigration visa details.

Jackpotting attack
Antwerp-based savings bank Argenta fell victim to two ATM jackpotting attacks. Following the attacks, the firm closed down 143 cash machines over the weekend.

Cashaa compromised
Cybercriminals have compromised a British cryptocurrency exchange, Cashaa, to steal over $3 million in Bitcoin. The theft occurred after the hackers gained access to one of the exchange’s digital wallets.

Top Malware Reported in the Last 24 Hours

Panther ransomware is back
The Oldpanther threat actor group has revamped the Panther ransomware with new capabilities. This new variant is distributed as a Chinese programming language installation program. It uses the VMProtect virtualization shell to hide from anti-virus tools. Panther uses RSA and AES algorithms to encrypt victims’ files.

Spox phishing kit
A phishing kit named Spox has been found to be used in a campaign targeting Chase bank customers. The tool is distributed through a compromised website. It generates four phishing pages used to steal data from victims. The attack starts with victims being redirected to a phishing page that appears to be the Chase banking login page.

AgeLocker ransomware
A new and sophisticated ransomware, named AgeLocker, has been found utilizing the ‘Age’ encryption tool created by a Google employee to encrypt victims’ files. It is not known how the threat actors are gaining initial access to the targeted computers. However, once the ransomware finishes the encryption process, it leaves a ransom note asking for 7 bitcoins to decrypt the files.

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in video conferencing images
Researchers have found that video conferencing platforms can enable attackers to extract personal data from screen images. This is possible on Zoom, Microsoft Teams, and Google Meet. The research is based on the publicly available images of video conferencing meetings.

ICS gateway flaws
Multiple vulnerabilities discovered in five popular ICS gateway products can be exploited by attackers to seize control of plant processes. The flaws can also allow attackers to launch Denial of Service (DoS) and privilege escalation attacks.

SAP’s critical bug
A critical bug carrying a severity score of 10 on the CVSS scale has been disclosed by SAP. The flaw, dubbed RECON (Remotely Exploitable Code On NetWeaver) and identified as CVE-2020-6287, resides in SAP NetWeaver Java versions 7.30 to 7.50. It can be exploited to read and modify financial records, change banking details, read Personally Identifiable Information (PII), and disrupt operations.

Posted on: July 14, 2020
