Cyware Daily Threat Intelligence, June 13, 2019

See All
The Rowhammer exploit which let unauthorized users change or corrupt data in vulnerable memory chips has evolved over the past four years. Now, security researchers have unveiled a new version of the Rowhammer attack that can be used to extract cryptographic keys or other secret information stored in vulnerable DRAM modules. The researchers have named this latest version as RAMBleed.

The past 24 hours also saw a new version of the Hide ‘N Seek botnet that includes exploit-code for two new vulnerabilities in its arsenal. The vulnerabilities are identified as remote code execution vulnerabilities in ThinkPHP (CVE-2018-20062) and Sonatype Nexus Repository Manager software (CVE-2019-7238). This new variant of the botnet targets Android devices through Android Debug Bridge (ADB).

Popular instant messaging app, Telegram confirmed that it was hit by a powerful DDoS attack which originated from China. The attack had caused services outage, primarily in South and North America. The company has secured its platform and the connection issues have now been resolved.

Top Breaches Reported in the Last 24 Hours

Telegram suffers DDoS attack
Telegram Messenger has recovered from a powerful DDoS attack that occurred on the platform on June 12, 2019. The company has reported that no major damage was caused and has said that the data was safe. The origin of the attack is believed to be from China. The timing of the attack coincides with the Hong Kong extradition law protests organized on the Telegram platform. The attack had disrupted services primarily in South and North America.   

ASCO halts operations
ASCO, the airplane parts supplier company, has ceased its production in factories following a ransomware attack. The attack has crippled the IT systems and approximately 1000 workers have been sent home. The company has halted operations in factories spread across four countries. However, non-production offices located in France and Brazil remain unaffected.

The city of Edcouch attacked
A hacker has gained access to the computer server of City of Edcouch and has threatened to erase all the city’s information if a ransom of $40,000 is not paid. Information from the Water Department and city finances have been compromised in the attack. Apart from this, the hacker has also stolen the information of more than 3,000 residents.

Top Malware Reported in the Last 24 Hours

Hide ‘N Seek botnet evolves
Hide ‘N Seek botnet has evolved to include exploits of two new vulnerabilities in the ThinkPHP installations and the Sonatype Nexus Repository Manager software installations. The vulnerabilities are tracked as CVE-2018-20062 and CVE-2019-7238 respectively. The new variant of the botnet targets Android devices via ADB.

IPStorm campaign
A campaign named IPStorm also known as InterPlanetary Storm was discovered in May 2019. It was aimed at Windows machines, with the group hiding their communications using a P2P network. The malware used in the campaign has a ‘reverseshell’ functionality that can allow hackers to execute any arbitrary PowerShell code on the infected machine. 

Fishwrap campaign
Researchers have across a fake news campaign named ‘Fishwrap’. The campaign has been active at least for a year and is being carried out by a threat actor of the same name. The purpose of the campaign is to misguide the users by republishing old news on social media platforms. 

Top Vulnerabilities Reported in the Last 24 Hours

‘RAMBleed’ Rowhammer attack
Researchers have discovered a new variant of Rowhammer attack called RAMBleed. The attack can be used to steal information from a targeted device apart from altering existing data. It takes advantage of a hardware design flaw in the RAM card. The vulnerability has been identified as CVE-2019-0174.

UXSS flaw in Evernote Web Clipper extension
A critical universal cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper Chrome extension can allow potential attackers to access users’ sensitive information from third-party online services. Tracked as CVE-2019-12592, the flaw stems from a logical coding error in the extension. Evernote has fixed this issue in the version 7.11.1. 

Cisco IOS XE’s CSRF vulnerability
A cross-site request forgery (CSRF) vulnerability has been uncovered in the web-based UI of Cisco IOS XE software. The flaw can allow an unauthenticated attacker to persuade a user of the interface to follow a malicious link. A successful exploit can enable the attacker to perform arbitrary actions using the privilege level of the affected user. Cisco has released a security update to address the vulnerability.  

SAP’s June Patch day
SAP has released a series of security patches to fix multiple vulnerabilities in its products. The vulnerabilities detected are information disclosure vulnerability, cross-site scripting flaws, denial of service issues, code injection vulnerability, missing authorization check and clickjacking vulnerability. Users are advised to apply patches to the respective affected products through the SAP support portal.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, June 14, 2019
Next
Cyware Daily Threat Intelligence, June 12, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.