Cyware Daily Threat Intelligence, June 10, 2020


June 2020 Patch Tuesday is here with fixes for no fewer than 150 vulnerabilities from leading software providers. For the fourth consecutive month, Microsoft has released security patches for at least 129 vulnerabilities affecting Windows 10, Windows Server 2008, and Windows Server 2012, among others. At the same time, Intel has issued updates for 25 vulnerabilities, out of which two are newly discovered flaws - CrossTalk and SGAxe.

Moving to other developments, security researchers found new operations related to the KingMiner botnet and the Valak malware. The KingMiner botnet was found targeting vulnerable MSSQL databases in order to mine cryptocurrency, while Valak gained a new plugin called ‘clientgrabber’ that steals email credentials from the registry of a compromised system.


Top Breaches Reported in the Last 24 Hours

Nintendo’s accounts affected
The Japanese gaming giant, Nintendo, has disclosed a data breach that affected around 300,000 accounts. The hack, which took place in early April, impacted the birth dates and email addresses of gamers. However, no credit card details were compromised in the incident.

Edesur S.A attacked
In addition to Honda Motor Co., the Snake ransomware has also infected Edesur S.A, one of the companies belonging to Enel Argentina. Reports suggest that both companies were hacked through systems with publicly exposed Remote Desktop Protocol (RDP) ports.

Fitness Depot website breached
A MageCart attack on the Canadian fitness equipment retailer, Fitness Depot, affected the personal and financial data of some of its customers. The incident occurred on February 18, 2020. The skimmer code was inserted in the checkout page of the website.

Another MageCart attack
The GreenWorks website was compromised by a highly sophisticated self-cleaning and self-destructing skimmer designed to steal users' payment card details. The card details stolen from the website are sent to an attacker-controlled server at congolo[.]pro.

Avon hit in an attack
Natura &Co’s subsidiary Avon has been hit by a cyberattack that paralyzed its operations and some of its systems. The firm is yet to assess the extent of the incident.

Top Malware Reported in the Last 24 Hours

KingMiner botnet returns
Security researchers have detected a new KingMiner botnet operation that targets MSSQL databases with brute-force attacks. Once hackers break into a vulnerable MSSQL system, they create another database user named ‘dbhelp’ and install a cryptocurrency miner that abuses the server’s resources to generate profits for the gang.

Malicious apps
Around 38 malicious Android apps with more than 20 million downloads were removed from the Google Play Store for conducting ad fraud. Some of these apps are ‘Rose Photo Editor & Selfie Beauty Camera’ and ‘Pinut Selfie Beauty Camera & Photo Editor.’

Valak malware upgraded
Authors have upgraded the capabilities of Valak malware to steal email credentials from the registry of a compromised machine. The latest variant includes a new plugin called ‘clientgrabber’ for this purpose.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 129 bugs
Microsoft has pushed fixes for at least 129 vulnerabilities as part of the June 2020 Patch Tuesday. Out of these, eleven are deemed as ‘Critical’, signifying they could be exploited by malware to seize vulnerable systems. Some of the affected products include Microsoft Word, Windows Server 2012, Windows 10, and Windows 8.1.

Intel addresses 25 flaws
Intel has issued security patches for 25 vulnerabilities in this month’s security updates, two of which affect its Active Management Technology (AMT). The updates also include fixes for two newly discovered vulnerabilities: Special Register Buffer Data Sampling (SRBDS), also known as CrossTalk, and SGAxe. While the former affects some client and Intel Xeon E3 processors, the latter can be successfully used against devices using Intel’s 9th gen Coffee Lake Refresh processors.

IBM patches flaws
IBM has patched two critical vulnerabilities affecting its WebSphere Application Server product. These flaws could be exploited by unauthenticated attackers to execute arbitrary code with elevated privileges.

Adobe’s security updates
Adobe has released security updates for ten vulnerabilities, four of which are classified as ‘Critical’. These flaws affect Adobe’s Flash Player, Experience Manager, and Framemaker.

Flawed Siemens LOGO! PLC patched
A flaw found in Siemens LOGO! PLC models has been patched recently. The security issue, tracked as CVE-2020-7589, could allow an adversary to carry out a variety of malicious activities.

GnuTLS patches security holes
A two-year-old bug that was lurking in GnuTLS servers was fixed last week. The bug could make TLS 1.3 sessions vulnerable to attacks.

Top Scams Reported in the Last 24 Hours

Giveaway scam
Scammers have hijacked three YouTube channels - ‘Juice TV’, ‘Right Human’ and ‘MaximSakulevich’ - and renamed them to either ‘SpaceX Live’ or ‘SpaceX’ in order to conduct free cryptocurrency giveaway scams. So far, these scams have raked in close to $150,000 in bitcoins. One of these channels has 230,000 subscribers and the other one has 131,000 subscribers. All of these hijacked channels work by live-streaming previous interviews of Elon Musk or SpaceX conferences while promoting scams that ask viewers to send in a small amount of bitcoin to receive a fake bitcoin giveaway.


Posted on: June 10, 2020
