Cyware Daily Threat Intelligence, June 14, 2019

Ransomware has become the number one security risk to businesses and users. When an organization has no backups, a decryption key is the only way to recover encrypted files. Recently, French authorities released a decryptor for versions 1 and 2 of the pyLocky ransomware, built with the help of several French law enforcement agencies and volunteer researchers. Version 1 of pyLocky appends the .lockedfile or .lockymap extension to encrypted files, while version 2 renames them with the .locky extension.

Several security updates addressing different vulnerabilities were also released in the past 24 hours, including Mozilla Thunderbird 60.7.1 and Google Chrome 75.0.3770.90. Thunderbird 60.7.1 addresses CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, and CVE-2019-11706, while Chrome 75.0.3770.90 fixes CVE-2019-5842. Users are advised to update Thunderbird and Chrome to the latest versions to stay safe.

Top Breaches Reported in the Last 24 Hours

Union Labor Life Insurance data breach
A phishing attack at Union Labor Life Insurance has impacted the medical and personal information of 87,400 individuals. The incident occurred on April 1, 2019, after an employee responded to a phishing email that appeared to come from a trusted business partner. The compromised data includes plan member names, addresses, dates of birth, Social Security numbers, and personal health information of the individuals and their family members.

The city of Burlington defrauded of $503,000
The City of Burlington has fallen victim to a phishing scheme that resulted in the loss of $503,000. A city staff member received a phishing email requesting a change to the banking information of a well-known city vendor. Soon after the change was made, about $503,000 was transferred to the new bank account on May 16, 2019. The mistake was discovered on May 23, 2019.

Symantec denies data breach
According to a Guardian Australia report, hackers targeted Symantec in February 2019 to steal confidential data and a list of prominent Australian clients. The incident occurred during the company’s demonstration process. However, Symantec has called the reported breach ‘fake’ and said that the data taken was actually ‘dummy data’.

Top Malware Reported in the Last 24 Hours

Decryptor for pyLocky ransomware
French authorities have released a decryptor for pyLocky ransomware versions 1 and 2. The ransomware is very active in Europe, with many victims in France. Version 1 appends the .lockedfile or .lockymap extension to encrypted files, while version 2 renames them with the .locky extension.

Cryptojacking campaign
Security researchers have uncovered an ongoing cryptojacking campaign that targets unpatched Windows computers around the world. Its purpose is to install the XMRig Monero miner on infected systems. The cybercriminals behind the campaign use the leaked NSA SMB exploits EternalBlue and EternalChampion to compromise vulnerable Windows systems, so hosts that still expose SMBv1 without the MS17-010 patch remain at risk.
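Because the campaign above ends with a miner process on the host, the cheapest detection is to look at process-creation telemetry for XMRig's own command-line traits (a stratum pool URL, a Monero wallet passed as the pool user, the --donate-level flag, a RandomX/CryptoNight algorithm switch). The following is an added example written for this digest, not code from the original page or from any vendor it cites; the log lines and the wallet address in them are constructed for the demo, and the log format is an assumed Sysmon-like key=value layout.

```python
"""Flag XMRig-style miner launches in process-creation logs.

Added example, not from the original page. SAMPLE_LOG is constructed;
the key=value line layout is an assumption, adapt LOG_RE to your source.
"""
import re

# One event per line: host, user, parent image, image path, quoted command line.
LOG_RE = re.compile(
    r'host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>.+?) cmdline="(?P<cmdline>[^"]*)"'
)

# Command-line traits of XMRig. Any single one is a strong signal even when
# the binary has been renamed to something innocuous such as svchost.exe.
MINER_SIGNALS = {
    "stratum pool url": re.compile(r"stratum\+(tcp|ssl)://", re.I),
    "xmrig donate flag": re.compile(r"--donate-level", re.I),
    "randomx/cryptonight algo": re.compile(r"(^|\s)(-a|--algo)[= ](rx|cn)[\w/-]*", re.I),
    "monero coin flag": re.compile(r"--coin[= ]monero", re.I),
    # Standard Monero addresses are 95 base58 chars starting with 4 (8 for subaddresses).
    "monero wallet as user": re.compile(r"(^|\s)(-u|--user)[= ][48][1-9A-HJ-NP-Za-km-z]{94}"),
}


def parse_line(line):
    """Return the event fields as a dict, or None if the line is not an event."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def classify(event):
    """List the miner signals present in the event's command line."""
    return [name for name, pat in MINER_SIGNALS.items() if pat.search(event["cmdline"])]


def scan(lines):
    """Return one hit per event whose command line looks like a miner launch."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            # Keep the parent so an analyst can see what launched the miner.
            hits.append({"host": ev["host"], "image": ev["image"],
                         "parent": ev["parent"], "reasons": reasons})
    return hits


# Constructed sample: two benign launches and two miner launches.
FAKE_WALLET = "4" + "A" * 94  # constructed, not a real address
SAMPLE_LOG = [
    r'host=WS01 user=alice parent=explorer.exe image=C:\Program Files\Mozilla Thunderbird\thunderbird.exe cmdline="thunderbird.exe"',
    r'host=FS02 user=SYSTEM parent=spoolsv.exe image=C:\Windows\Temp\svchost.exe '
    r'cmdline="svchost.exe -o stratum+tcp://pool.example:3333 -u ' + FAKE_WALLET + r' -k --donate-level=1 -a rx/0"',
    r'host=WS03 user=bob parent=cmd.exe image=C:\Windows\System32\net.exe cmdline="net use Z: \\fs01\share /user:bob"',
    r'host=WS07 user=carol parent=powershell.exe image=C:\Users\Public\xmrig.exe '
    r'cmdline="xmrig.exe --url=stratum+ssl://pool.example:443 --coin=monero --donate-level=0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['host']}: {hit['image']} (parent {hit['parent']}) -> {', '.join(hit['reasons'])}")
```

This only catches the payload stage. The entry vector in this campaign is SMBv1 exposed to the network without MS17-010, so pairing the detection with an inventory of hosts that still have SMBv1 enabled and the patch missing is what actually removes the risk.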

Adware and PUPs push notifications
Researchers have detected new potentially unwanted program (PUP) families that abuse browser push notification services to conduct fraud. Tracked as PUP.Optional.Stream.All and Trojan.FBSpammer, the new PUPs are delivered to victims’ systems as browser extensions. Users are advised to review extensions carefully before installing them in their browser.

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla releases Thunderbird 60.7.1
Mozilla has released a security update to address several vulnerabilities in Thunderbird. The vulnerabilities are detected as CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, and CVE-2019-11706. The vulnerabilities are patched in the latest version 60.7.1 of Thunderbird.

Chrome 75.0.3770.90 released
Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. The update addresses a security vulnerability reported by an external researcher. The flaw is tracked as CVE-2019-5842 and could allow an attacker to take control of an affected system.

Vulnerable AGW
Security researchers have discovered critical vulnerabilities in the Alaris Gateway Workstation (AGW) that could allow an attacker to take complete control of the medical devices connected to the workstation. The vulnerabilities are tracked as CVE-2019-10959 and CVE-2019-10962 and have been fixed in the latest firmware versions.

Top Scams Reported in the Last 24 Hours

Twitter URLs abused to promote scam
Attackers can abuse the structure of Twitter URLs for fraud, from running disinformation campaigns to spreading malware or luring users onto a malicious web page. A tweet link has the form twitter.com/<username>/status/<status ID>, and Twitter resolves it by the status ID alone, so a threat actor can pair a trusted account’s username with the ID of a tweet they control. Targeted users who read the username in the URL assume the link comes from a trusted source and click on it, which lets attackers spread fake news or malicious content under a reputable name.
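A link-rewriting gateway or mail filter can catch this mismatch by parsing the URL, extracting the claimed username and the status ID, and comparing the claimed username against the account that actually owns that ID. The code below is an added example written for this digest, not from the original page or from Twitter; the STATUS_OWNER table is a constructed stand-in for a live lookup of a status ID's author (assumption: in production that lookup would query the platform's API or fetch the canonical redirect).

```python
"""Detect tweet URLs whose username does not match the tweet's real author.

Added example, not from the original page. STATUS_OWNER is constructed and
stands in for a live author lookup by status ID.
"""
from urllib.parse import urlparse

TWITTER_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}

# Constructed: status ID -> account that really posted that tweet.
STATUS_OWNER = {
    "1100000000000000001": "trusted_news",
    "1100000000000000002": "attacker_acct",
}


def parse_tweet_url(url):
    """Return (claimed_username, status_id) for a tweet URL, else None.

    Accepts /<user>/status/<id> and /<user>/statuses/<id>, with or without
    trailing segments such as /photo/1, on the twitter.com hosts above.
    """
    p = urlparse(url)
    if p.scheme not in ("http", "https") or p.netloc.lower() not in TWITTER_HOSTS:
        return None
    parts = [seg for seg in p.path.split("/") if seg]
    if len(parts) < 3 or parts[1] not in ("status", "statuses") or not parts[2].isdigit():
        return None
    return parts[0].lstrip("@"), parts[2]


def check_tweet_link(url, owner_lookup=STATUS_OWNER.get):
    """Classify a link.

    'not-a-tweet': not a tweet URL on a Twitter host
    'unknown'    : status ID could not be resolved to an author
    'ok'         : username in the URL matches the real author
    'spoofed'    : username in the URL names a different account than the author
    """
    parsed = parse_tweet_url(url)
    if parsed is None:
        return "not-a-tweet"
    claimed, status_id = parsed
    real = owner_lookup(status_id)
    if real is None:
        return "unknown"
    # Usernames are case-insensitive on the platform, so compare lowercased.
    return "ok" if real.lower() == claimed.lower() else "spoofed"


if __name__ == "__main__":
    for link in (
        "https://twitter.com/trusted_news/status/1100000000000000001",
        "https://twitter.com/trusted_news/status/1100000000000000002",
        "https://mobile.twitter.com/Trusted_News/status/1100000000000000001/photo/1",
    ):
        print(check_tweet_link(link), link)
```

The second link in the demo is the pattern the digest describes: a reputable username in the path, but a status ID owned by another account. Treating "spoofed" links as untrusted (strip them, or rewrite the path to the real author) removes the social-engineering value of the crafted URL without blocking legitimate tweet links.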
