Cyware Daily Threat Intelligence, June 08, 2020

Share Blog post

Continuing its series of recent high-profile attacks, the Maze ransomware has now targeted the aerospace sector with its latest victim being the Texas-based VT San Antonio Aerospace. The hackers claimed to have stolen 1.5 TB of sensitive data from the firm and demanded a hefty ransom to avoid exposure of that data.

Coming to new threats, researchers published a proof-of-concept exploit for the SMBGhost vulnerability affecting Windows 10 systems. The exploit can perform remote code execution on vulnerable systems. Meanwhile, a critical flaw was also patched in the Indian government’s Digilocker app that could have allowed miscreants to bypass the one-time passwords requirement to access users’ sensitive documents.

Top Breaches Reported in the Last 24 Hours

Maze ransomware targets aerospace
The Texas-based aerospace company, VT San Antonio Aerospace (VT SAA), was targeted by the Maze ransomware gang. Following the incident, the attackers claimed to have stolen 1.5 TB of sensitive data from the company’s network.

Korean hackers break into ZEE5
A group of hackers identifying themselves as "John Wick" and "Korean Hackers" claimed to have hacked into the systems of the Indian video streaming giant, ZEE5. The attackers claimed to have stolen 150 GB of sensitive data and threatened to sell it on the underground markets.

Top Malware Reported in the Last 24 Hours

Kupidon ransomware
Researchers from MalwareHunterTeam discovered a new ransomware called Kupidon. The ransomware target both corporate networks and personal devices of individuals. It drops different ransom notes based on the targets and encrypts and appends the victims’ file names after encryption with the “.kupidon” extension.

Tekya ad fraud app
Check Point researchers found a new variant of the Tekya Android ad fraud malware family. The new variant was being distributed by masking as five legitimate-looking apps on the Google Play Store. The new Tekya variant is designed to target up to 11 different advertising networks including Admob, Facebook, and Unity. Following the discovery, Google removed the five apps from the store.

Top Vulnerabilities Reported in the Last 24 Hours

WIndows 10 SMBGhost bug
Security researchers released a proof-of-concept exploit for the infamous Windows vulnerability, SMBGhost, which is tracked as CVE-2020-0796. The new exploit can perform remote code execution on vulnerable Windows 10 systems. SMBGhost affects Windows 10 versions 1909 and 1903, including Server Core.

Digilocker
Digilocker, an app by the Indian government for securely storing personal documents, was found to have a critical flaw that could have allowed attackers to bypass mobile one-time passwords (OTP) and access the sensitive documents of any user. The flaw was fixed by the government on May 28 with the release of the latest version of the app.


 Tags

digilocker
smbghost rce exploit
zee5
vt san antonio aerospace
kupidon
tekya

Posted on: June 08, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!