Cyware Daily Threat Intelligence, June 05, 2020

Maze ransomware operators are on an attacking spree. After paralyzing the systems of Cognizant, the gang has now attacked another business services firm, Conduent. The operators claimed to have breached the networks of the company in May 2020. To support their claim, they have posted 1 GB of stolen data - that includes various financial spreadsheets, customer audits, invoices, and commission statements - on their data leak site.

The past 24 hours also saw the discovery of a new ransomware called Tycoon. The ransomware has been designed to primarily target organizations in the education and software sectors. It is deployed in the form of a trojanized Java Runtime Environment (JRE) and is compiled into a Java image file to fly under the radar.

Top Breaches Reported in the Last 24 Hours

CPA Canada discloses data breach
The Chartered Professional Accountants of Canada (CPA) has fallen victim to a security breach that affected the personal information of over 329,000 members and other stakeholders. The compromised information includes both employer and employee names and addresses.

Conduent hit
Maze ransomware operators are claiming to have successfully attacked the business services giant, Conduent. As proof, the attackers have posted 1 GB of files on their leak site and stated that they breached the network in May 2020.

Top Malware Reported in the Last 24 Hours

Malicious apps
Two malicious barcode reader apps - Barcode Reader and QR&Barcode Scanner - were removed from the Google Play Store, following the detection of suspicious activities. These apps forced users to run ads every 15 minutes while running malicious activities in the background. This caused the phone screens to crash.

Tycoon ransomware
Security researchers have uncovered a new ransomware strain, Tycoon, that is deployed in the form of a trojanized Java Runtime Environment (JRE). It leverages an obscure Java image format to evade detection. The ransomware uses the AES-256 algorithm with a 16-byte GCM authentication tag to encrypt files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable traffic light controller
Traffic light controllers made by SWARCO are affected by a critical vulnerability that could be exploited by hackers to disrupt a city’s traffic lights. The flaw, tracked as CVE-2020-12493, has a CVSS score of 10. The affected model is CPU LS4000. SWARCO patched the flaw soon after researchers made it aware of the issue.

Chrome 83.0.4103.97 released
Google has released Chrome 83.0.4103.97 for Windows, Mac, and Linux operating systems. This latest update addresses five security flaws, out of which four are high-severity vulnerabilities. In addition to this, Google has also addressed two medium-severity vulnerabilities, tracked as CVE-2020-6497 and CVE-2020-6498, in the Chrome 83.0.4103.88 release for iOS.

Posted on: June 05, 2020
