Cyware Daily Threat Intelligence, July 29, 2020

Share Blog post

The infamous Emotet trojan is back in action after lying dormant for almost five months. Since its reappearance, the trojan has added new abilities and malware payloads to expand its malicious activities. In the latest series of attacks, the trojan has been found using stolen email attachments in order to increase the authenticity of spam emails and bypass email security controls.

Apart from this, researchers have also found new Mac malware that are being used by the Lazarus threat actor group in its recent attacks. Some of these include macOS version of DaclsRAT and the cross-platform MATA framework.

In other developments, several vulnerabilities have been found in VPN implementations used in Operational Technology (OT) networks. These flaws can allow attackers to overwrite data, execute malicious code, and compromise industrial control systems.

Top Breaches Reported in the Last 24 Hours

IP addresses leaked
The National Security and Defense Council (NSDC) has reported a leak of IP addresses of government sites in Ukraine. The list includes almost 3 million sites that use Cloudflare’s services for protection against DDoS attacks. Among these, 45 addresses have the domain ‘gov.ua’ and around 6,500 are with domain ‘.ua’.

Front Rush discloses a breach
Athlete-recruiting software company, Front Rush, has disclosed a security breach that occurred in January 2020. The incident affected over 700,000 files that were stored in an unsecured Amazon S3 bucket. These files included medical records and other personally identifiable information of college athletes.

26 million records on sale
The infamous cybercriminal group, ShinyHunters, has been found offering over 26 million user records for sale at prices between $1,500 and $2,500. The impacted organizations include Appen, Chatbooks, Drizly, Havenly, Ivoy, Mathway, Scentbird, Promo, and Rewards1.

Dussmann Group targeted  
The Nefilim ransomware operators have begun to publish unencrypted files stolen from a Dussmann Group subsidiary, Dresdner Kühlanlagenbau GmbH (DKA). In a post on their data leak site, the operators claim to have stolen 14 GB worth of stolen files.  

Online Michigan bar exam site down
The online Michigan bar exam was targeted in a sophisticated DDoS attack that temporarily took down the test. The incident affected ExamSoft, one of the three vendors that provide services to the Michigan bar.

Top Malware Reported in the Last 24 Hours

Four new Mac-malware
North Korea-linked Lazarus threat actor group has been found employing at least four new Mac malware families in recent attacks. These include the macOS version of DaclsRAT and the cross-platform MATA framework. The list also includes trojanized cryptocurrency-related software, such as CoinGoTrade and Cryptoistic.

Emotet adds new flavor
The Emotet trojan’s capabilities have been enhanced to use stolen attachments to increase its ability to target more systems. The purpose of this new addition is to increase the authenticity of spam emails and evade detection.
 
Top Vulnerabilities Reported in the Last 24 Hours

Flawed wpDiscuz plugin patched
A high-severity flaw found in the wpDiscuz plugin - installed on over 70,000 WordPress sites - can allow hackers to execute code remotely on vulnerable sites. The flaw has been patched in version 7.0.4 of the plugin.

Adobe releases updates
Adobe has released security updates to fix two code execution vulnerabilities in Magento Commerce and Magento Open Source. The flaws are tracked as CVE-2020-9689 and CVE-2020-9691, respectively. They affect the Magneto Commerce and Magento Open Source versions prior to 2.3.5-p1.

OKCupid vulnerabilities fixed
Several flaws discovered in the popular OKCupid dating app could have allowed attackers to expose users’ sensitive data stored on the app. However, these flaws were patched before it could do any harm to the users.

Flawed VPN implementations
Researchers have discovered critical vulnerabilities in industrial VPN implementations that are primarily used to provide remote access to operational technology (OT) networks. These flaws can allow attackers to overwrite data, execute malicious code, and compromise Industrial Control Systems (ICS).

 Tags

nefilim ransomware
emotet trojan
mata framework
dussmann group
daclsrat

Posted on: July 29, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!