Cyware Daily Threat Intelligence, July 30, 2019

See All
Zero-day vulnerabilities present a serious security risk, leaving organizations’ products and software susceptible to attacks. Now, security researchers have discovered a total of 11 zero-day security issues in the VxWorks operating system that can put over two billion IoT devices at risk. The vulnerabilities collectively called as ‘URGENT11’ exists in IPnet, VxWorks’ TCP/IP stack. 

In another instance, Apple’s instant messaging service iMessage has been found to be affected by an out-of-bounds vulnerability. The flaw can allow attackers to read the contents of files stored on iOS devices without user interaction.   

A new Android ransomware named Android/Filecoder.C was also uncovered by security researchers in the past 24 hours. The ransomware, which uses 42 versions of the message template, spreads via malicious posts on online forums and spam SMSes.  

Top Breaches Reported in the Last 24 Hours

Capital One data breach
Capital One disclosed a data breach that has exposed the personal data of around 106 million customers. The breach had occurred due to a vulnerability in the system, which allowed a hacker to gain unauthorized access to people’s sensitive data from March 22 to 23, 2019. The compromised data belonged to 100 million customers in the US and six million people in Canada. Upon discovery, the vulnerability was fixed immediately by the company. 

LAPD data breach
A data breach at the Los Angeles Police Department has exposed the personal data of roughly 2,500 police officers. The data was stored in an old data that was no longer being used by the Personnel Department. The exposed information includes names, email addresses, passwords and birth dates of police officers and applicants. 

Sure company’s data stolen
Hundreds of staff at mobile phone company Sure have had their personal and bank details compromised in a targeted phishing attack. The attack has affected the offices located at the Isle of Man, Guernsey, and Jersey. The data includes names, addresses, account numbers, and codes. 

Official website down
The official website of Lincoln County Sheriff is down for almost a week since a ransomware attack destroyed the backup data and encrypted information. The data was stored on the main server in the North Carolina county. The Sheriff’s office has contacted the FBI to investigate the matter.  

Top Malware Reported in the Last 24 Hours

Android/Filecoder.C ransomware
Android/Filecoder.C is a newly discovered Android ransomware that spreads as enticing posts through different online forums. To maximize its reach, the ransomware uses a victim’s contact list to spread as malicious links via SMS. The ransomware has 42 versions of the message template.

Iomega NAS devices targeted
Attackers are deleting files on publicly accessible Lenovo Iomega NAS devices and leaving ransom notes behind. These ransom notes state that the attackers will give the files back if a bitcoin ransom is paid. The ransom note is named ‘YOUR FILES ARE SAFE!!!.txt’ and state that the user's files have been encrypted and moved to a safe location. These notes are created with different ransom amounts and messages. 

RFI attacks
A recently discovered series of targeted attacks have been found exploiting Remote File Inclusion vulnerabilities to deploy phishing kits. It was found that a server was outputting a file crafted by the attackers in these attacks. 

Top Vulnerabilities Reported in the Last 24 Hours 

Vulnerable VxWorks OS
A total of 11 zero-day vulnerabilities, collectively dubbed as ‘URGENT11’ have been found in the VxWorks operating system. The OS is used by over two billion IoT devices spread across industrial, medical and enterprise environments. The vulnerabilities reside in IPnet, VxWorks’ TCP/IP stack. Six out of 11 flaws are critical and can enable an attacker to remotely execute malicious code on to the systems.

Apple iMessage vulnerability
An iMessage vulnerability patched in Apple’s iOS 12.4 can allow attackers to read the contents of files stored on iOS devices. This can be done remotely without any user interactions. The flaw has been tracked as CVE-2019-8646 (out-of-bound flaw). 

NSW iVote source code released
Some portion of the source code used by the NSW Electoral Commission has been released in a bid to prove that it contains vulnerabilities. The first flaw was found in the SwissPost system used to prevent electoral fraud. On the other hand, the second flaw was uncovered in the electronic voting machine that could be exploited to tamper the election results.  

Debian releases updates
Debian GNU/Linux 10 ‘Buster’ operating system has been updated to address a security flaw. Tracked as CVE-2019-13272, the flaw could let an unauthorized user obtain local privileges. The issue also appears to affect the older DebianGNU/Linux 9 "Stretch" and Debian GNU/Linux 8 "Jessie" operating systems series. Security patches for all supported versions have been released to mitigate the issue.   
  
Top Scams Reported in the Last 24 Hours

Email scams
Police in Northern Ireland has issued a warning about scams that target users to steal their sensitive data such as banking and credit card details. Several instances of credit card fraud, email scams that aim to pilfer users’ data have been reported by victims. Under the email scams, the scammers send emails that appear to come from utility companies, law enforcement agencies, tax agencies, and telecom providers. 




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, July 31, 2019
Next
Cyware Daily Threat Intelligence, July 29, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.