Cyware Daily Threat Intelligence, June 12, 2020

Share Blog post

After Grubman Shire Meiselas & Sack, another well-known law firm - Threadstone Advisors - has been hit by ransomware. Attacked by the Maze ransomware operators, the company saw the loss of sensitive data and documents. The advisory firm works for high-profile clients, such as  Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.

Meanwhile, the City of Alabama paid a ransom of $300,000 in bitcoin to recover from a ransomware attack that occurred in early June. On the other hand, the City of Knoxville became the latest city to be attacked by ransomware operators. The attack took place between June 10 and June 11, 2020.

Top Breaches Reported in the Last 24 Hours

The city of Alabama pays a ransom
The City of Alabama has paid a ransom of $300,000 in bitcoin to recover from a ransomware attack that occurred on June 5, 2020. The attack was carried out by DoppelPaymer ransomware operators.

TAIT breached
TAIT has disclosed a data breach that affected the personal and financial information of some of its employees. The breach occurred after an unauthorized party gained access to one of the company’s servers and the email accounts of several TAIT employees.

Genworth suffers a breach
Insurance firm, Genworth, has suffered a data breach after attackers used compromised login credentials to gain insurance agents’ online accounts. The breached information includes names, addresses, birth dates, financial information, and social security numbers of employees.

The city of Knoxville attacked
The City of Knoxville has shut down its IT network following a ransomware attack. The attack took place between June 10 and June 11, when the ransomware encrypted multiple systems.

Maze ransomware attacks
Maze ransomware operators have exfiltrated sensitive data from Threadstone Advisors before encrypting it. The advisory firm works for high-profile clients, such as Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.

Top Malware Reported in the Last 24 Hours

ActionSpy malware
A newly discovered ActionSpy malware has been found targeting Android users in Tibet, Turkey, and Taiwan. The campaign is stirred by Earth Empusa, the threat actor group known for using watering hole attacks. The malware is distributed via phishing web pages, which appear to have been copied from Uyghur-related news sites.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Mitsubishi controllers
A serious denial-of-service vulnerability affecting some Mitsubishi Electric automation controllers can allow hackers to disrupt the production process in industrial organizations. The vulnerability affects Mitsubishi’s MELSEC iQ-R series CPU modules, including R00, R04 and R08, and the RJ71EN71 Ethernet interface module. The vendor has released updates to address the flaw.

Vulnerable FB Messenger
Security researchers have disclosed details about a vulnerability discovered in Messenger version 460.16. The flaw could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system. Facebook has released an updated version of Messenger to address the flaw.

 Tags

threadstone advisors
genworth
tait
city of alabama
maze ransomware
city of knoxville

Posted on: June 12, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!