Cyware Daily Threat Intelligence, June 19, 2019

See All
Data breaches against the government sector are being witnessed at an alarming pace. Lately, the Oregon Department of Human Services (DHS) has announced that around 645,000 people were affected in a data breach that occurred in January 2019. Initial investigations had cited that around 350,000 individuals were affected by the breach. The incident had occurred after nine employees had unknowingly opened a malicious link present in an email. DHS is providing 12 months of identity monitoring and recovery services to those affected in the breach.

A new cyberespionage campaign named ‘Bouncing Golf’ was found targeting organizations in Middle Eastern countries. The attackers behind the campaign are using  AndroidOS_GolfSpy.HRX to launch their attacks. The malware, GolfSpy is capable of obtaining various kinds of information, such as device accounts, applications installed in the device, contacts, call logs and records, device location, etc.   

The past 24 hours also saw a major security update that was released by Mozilla. It addressed a type confusion vulnerability that is fixed in Firefox 67.0.3 and Firefox ESR 60.7.1. The bug can allow an attacker to inject code into a victim’s system through malicious web pages on the previous versions of Firefox.

Top Breaches Reported in the Last 24 Hours

645,000 people affected in DHS breach
The Oregon Department of Human Services (DHS) is notifying 645,000 individuals about a data breach that occurred in January 2019. Earlier, the DHS had estimated the number to be over 350,000. The breach had occurred after nine employees had unknowingly opened a malicious link within an email. This gave the hackers access to their email accounts. The DHS is providing 12 months of identity monitoring and recovery services to the affected individuals.

SMMG and CCA breached
Maryland-based Capitol Cardiology Associates (CCA) and Southern Maryland Medical Group (SMMG) are notifying patients of a data breach involving a third-party vendor/business associate Meditab software. The breach occurred between January 9, 2019, and March 14, 2019. It may have compromised patients’ medical records or visit notes. Some personal information such as names, addresses, and birth dates and phone numbers may also have been compromised in the incident.

ResiDex Software attacked
A ransomware attack at ResiDex Software has led to the shut down of its systems. The initial investigation did not identify any personal or health information being compromised. Upon learning the incident, ResiDex took the necessary steps to restore its servers to a new hosting provider and protect its IT systems.

OMG and SNHS attacked
Olean Medical Group (OMG) has suffered a ransomware attack which took down its computer systems. This has forced staff and physicians to manually record data with pen and paper. On the other hand, the Seneca National Health System (SNHS) has also experienced system failure causing severe downtime. Both firms have confirmed that no data has been accessed by the attackers.

Top Malware Reported in the Last 24 Hours

A new variant of Ryuk
Researchers have across a new variant of Ryuk ransomware that looks for particular IP addresses and computer name strings to simplify its infection process. If these identifiers match with the existing ones, the ransomware does not encrypt the computer. The partial IP addresses that are searched by the ransomware are 10.30.4, 10.30.5, 10.30.6, and 10.31.32. Likewise, it does not encrypt computers that have string names such as ‘SPB’, ‘spb’, ‘MSK’, ‘Msk’ or ‘msk’.  

Bouncing Golf campaign
A new cyberespionage named ‘Bouncing Golf’ has been unearthed by security researchers. The campaign is being used against Middle Eastern countries. The malware associated with the campaign is  AndroidOS_GolfSpy.HRX. The malware GolfSpy can be used to obtain various kinds of information, such as device accounts, applications installed in the device, contacts, call logs and records, device location, etc.   

GoldBrute botnet
A botnet named GoldBrute is found scanning the internet in search of vulnerable Windows machines with RDP connection enabled. The malware has compiled a list of over 1.5 million unique systems and has systematically tested access on them with brute-force or credential stuffing attacks.

Top Vulnerabilities Reported in the Last 24 Hours

RCE flaw in TP-Link Wi-Fi extenders
A critical remote code execution(RCE) vulnerability has been discovered in TP-Link RE365 Wi-Fi Extender running firmware version 1.0.2, build 20180213. The flaw can allow an unauthenticated attacker to take complete control of the device. Further analysis revealed that the security hole also impacted RE650, RE350 and RE500 devices. TP-Link has released firmware updates for the affected models to address the vulnerability.

Microsoft fixes privacy settings bug
Microsoft has released a security update for certain devices that fix a privacy settings bug in Windows 10 version 1709, 1803 and 1809. The flaw caused the Location, Diagnostic Data and Improve inking and typing privacy settings to not be displayed during the initial setup of Windows. For the affected devices, Microsoft is offering KB4489219 (1709), KB4489220 (1803), or KB4499918 (1809) via Windows Update. The affected devices will automatically get the update downloaded and installed through Windows Update.

Mozilla fixes type confusion vulnerability
Mozilla has issued security updates to address type confusion vulnerability in Firefox and Firefox ESR. The vulnerability is tracked as CVE-2019-11707 and can allow an attacker to inject code into a victim’s system through malicious web pages if they are running an unpatched version of Firefox. The bug has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1. Users are, therefore, urged to apply the necessary updates.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, June 20, 2019
Next
Cyware Daily Threat Intelligence, June 18, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.