Cyware Daily Threat Intelligence, July 24, 2020

Leaving vulnerable software or hardware unpatched or unattended can invite unwanted problems. Lately, researchers have reported that threat actors are making attempts to exploit a high-severity path traversal flaw found in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw can allow attackers to obtain sensitive data from targeted systems.

A new variant of Phobos ransomware has also been discovered in the last 24 hours. The new variant is capable of stealing users’ machine information. It uses system activation tools to spread on victims’ machines. Meanwhile, the operators of the infamous Sodinokibi ransomware have claimed an attack on Spain’s Administrador de Infraestructuras Ferroviarias (ADIF), stealing around 800GB of data.

Top Breaches Reported in the Last 24 Hours

GEDmatch confirms an attack
GEDmatch has disclosed a security breach that exposed the DNA profiles of more than one million people to law enforcement agencies. The firm immediately took the website down to contain the breach.

Updates on Blackbaud breach
The latest update on the ransomware attack on Blackbaud reveals that the incident has affected nine more universities. Earlier, the University of York had been identified as one of the victims. The new victims include University College Oxford, the University of London, Canada’s Ambrose University, and the Rhode Island School of Design.

Spain’s ADIF attacked
The Administrador de Infraestructuras Ferroviarias (ADIF) in Spain has been hit by the Sodinokibi ransomware. The threat actors have stolen 800GB of sensitive data and published a portion of it to back their claim.

Florida Tax Office hit
A Florida Tax Collector’s Office has revealed a data breach that occurred in June. The incident has affected around 450,000 residents in Polk County.

Garmin affected
Smartwatch and wearable maker Garmin has shut down its services and halted its production systems following a ransomware attack on July 23. The extent of the attack is yet to be assessed.

Top Malware Reported in the Last 24 Hours

A new variant of Phobos
Researchers have discovered a new variant of Phobos ransomware that uses software such as system activation tools as a carrier to trick users into installing the malware. The variant is capable of stealing users’ machine information. After encrypting files, the variant appends a suffix of the form id[XXXXXXXX-2275].[helprecover@foxmail[.]com].help to their names, where “XXXXXXXX” is the disk serial number.

29 fake Android apps
A total of 29 fake photo editing apps that can compromise devices have been found by researchers. These fake apps have been downloaded 3.5 million times from the Google Play Store and are being used in a campaign named Chartreuse Blur.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco vulnerability exploited
Researchers have reported that attackers are attempting to exploit a recently patched high-severity path traversal flaw affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2020-3452, can be exploited to obtain potentially sensitive files from the targeted system.

Vulnerable ASUS routers
Two flaws found in ASUS routers can allow attackers to compromise the devices. While the first flaw (CVE-2020-15498) stems from a lack of certificate validation, the second (CVE-2020-15499) exists in the Web Management interface.



Posted on: July 24, 2020
