Cyware Daily Threat Intelligence, June 20, 2019

With threat actors making it almost impossible to crack encrypted data from ransomware attacks, many city officials have been forced to pay the demanded ransom as last resort. Riviera Beach City Council in Florida has decided to pay a ransom amount in 65 bitcoins (~$603,000) to recover its data from a ransomware attack that occurred on May 29, 2019. The decision was taken when they were not able to recover the city’s data as it was not backed up correctly.

Oracle WebLogic Server has been found to be vulnerable to a newly discovered remote code execution vulnerability. Tracked as CVE-2019-2729, the flaw affects WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 and has received a severity score of 9.8 on CVSS. Oracle has released emergency patches to address the issue in the affected versions.

In a major security lapse, Google has inadvertently shared a confidential Google-only ‘dogfood build’ of their upcoming July 2019 security update to a Pixel 3a XL user. The build was meant to be used internally by Google employees and was not intended for general users.

Top Breaches Reported in the Last 24 Hours

Specsavers data breach
Eyewear giant Specsavers disclosed that it had fallen victim to a data breach. This has affected the personal and medical information of its old clients. The compromised information includes names, dates of birth, addresses, phone numbers, email addresses, clinical records of optometry tests, and Medicare details of individuals. Specsavers became aware of the incident on June 3.

Google accidentally pushes a security update
Google has accidentally sent out a confidential Google-only ‘dogfood build’ of their upcoming July 2019 security update to a Pixel 3a XL user. The build was meant to be used internally by Google employees and was not intended to be pushed out to general users.

A. Duie Pyle attacked
Pennsylvania trucking firm A. Duie Pyle was hit by a ransomware attack on June 17, 2019, which impacted the firm's network communication systems. The firm has confirmed that its operating systems, backups and brokerage services systems are intact and were not compromised during the attack. It also states that no data was extracted from the systems.

Florida City pays a ransom
The Riviera Beach City Council in Florida has decided to pay around $603,000 in bitcoins to recover its data from a ransomware attack that occurred on May 29, 2019. The ransomware infection has crippled the city’s systems and services. However, telephone services and 911 services are operational.

Top Malware Reported in the Last 24 Hours

Cryptomining dropper malware
A cryptomining dropper malware has been spotted adding cron jobs to reinfect compromised machines even after it has been removed. The malware is downloaded by a malicious Bash script named cr2.sh that runs on the server. Once launched, the script searches for and kills any processes related to other cryptominers such as XMRig and CryptoNight. It then downloads its own cryptominer payload by sending a request to an attacker-controlled server.

MonsterInstall trojan
Researchers have discovered a new JavaScript-based, modular downloader trojan named MonsterInstall. The trojan is distributed in the form of game cheats via websites owned by its developers. Once executed on a victim's machine, the trojan fetches all the components it needs to perform its malicious tasks. It also collects system information and sends it to the attackers' C2 server.

Top Vulnerabilities Reported in the Last 24 Hours

Another RCE flaw in WebLogic Server
Another critical remote code execution vulnerability has been detected affecting Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The flaw is tracked as CVE-2019-2729 and has received a severity score of 9.8 on CVSS. The flaw can be abused by a remote attacker without authentication. Oracle has released emergency patches to address the issue.

Race condition flaw in BIND patched
The Internet Systems Consortium (ISC) has released updates to address a race condition affecting BIND. The flaw affects versions prior to 9.11.7, 9.12.4 and 9.14.2. It has received a CVSS score of 5.9. Users can address the flaw by updating to 9.11.8, 9.12.4-P2, 9.14.3 or 9.15.1 versions.

Samba releases security updates
Samba released security updates to address two vulnerabilities in versions 4.9, 4.10 and above. The flaws are tracked as CVE-2019-12435 and CVE-2019-12436. An attacker can exploit these vulnerabilities to cause a denial-of-service condition. The flaws have been patched in versions 4.9.9 and 4.10.5 of Samba.

Top Scams Reported in the Last 24 Hours

Phishing scam
The Cybersecurity and Infrastructure Security Agency (CISA) is warning users about a new phishing scam that tricks users into downloading malware. The recipients are sent spoofed emails containing malicious attachments. These attachments look like legitimate notifications from the Department of Homeland Security (DHS), and the emails themselves are crafted to look like a real alert from the National Cyber Awareness System (NCAS). CISA has urged users to be cautious about such unsolicited emails, even if the sender appears to be known. CISA also stated that it never sends NCAS notifications that contain email attachments.
