
Cyware Daily Threat Intelligence, June 21, 2019


DanaBot has evolved beyond being a banking trojan and has now become more powerful by including a ransomware module to its arsenal. The malware variant has been found infecting users in Italy and Poland. It is dropped in the form of a VBA script through phishing emails.

Canada’s largest credit union Desjardins Group suffered a major blow after an employee disclosed the personal information of its 2.9 million customers. The exposed information included the details of almost 2.7 million home users and 173,000 business customers.

The past 24 hours also saw major security patches issued by Mozilla and Microsoft. Mozilla fixed a sandbox escape vulnerability with the release of Firefox 67.0.4 and Firefox ESR 60.7.2, while Microsoft addressed a major email spoofing vulnerability by releasing version 3.0.88 of Outlook for Android. The vulnerability affects versions of Outlook for Android prior to 3.0.88; the app has over 100 million installations worldwide.

Top Breaches Reported in the Last 24 Hours

78,000 US patients’ data leaked
A misconfigured MongoDB database belonging to PSKW has exposed the personal details and prescription information of over 78,000 US patients who were prescribed Vascepa. The exposed information includes patients' full names, addresses, phone numbers, email addresses and prescriptions.
Desjardins Group breached
Personal information of roughly 2.9 million Desjardins Group members was leaked after an employee with ill intentions shared it outside the organization. The breach affects more than 40 percent of the co-operative's clients and members. The leaked information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits. Desjardins Group has informed law enforcement agencies about the breach.

MSPs breached
Threat actors have breached several managed service providers (MSPs) to distribute Sodinokibi ransomware to the MSPs' customer systems. The attackers leveraged the Webroot SecureAnywhere console to deploy the malware, using it as a channel to execute a PowerShell script on remote workstations that downloaded the ransomware.

Top Malware Reported in the Last 24 Hours

DanaBot updated
The DanaBot trojan has now been upgraded to behave as ransomware. The variant targets users in Italy and Poland via phishing emails that deliver the droppers. The ransomware executables are written in Delphi and are downloaded via a VBA script. The capabilities of the new variant include stealing browser credentials, running a local proxy to manipulate web traffic and initiating remote desktop control on targeted systems.

Bird Miner malware
A new Mac malware named Bird Miner has been found to be distributed via a cracked installer of Ableton Live 10. The software is distributed via a piracy website called VST Crack. The installer drops three malicious scripts, one of which is responsible for evading detection. VST Crack is believed to have been distributing the malware for at least four months.

LoudMiner malware
Malicious actors are attempting to infect computers with an XMRig-based cryptominer named LoudMiner, which runs inside a Tiny Core Linux virtual machine. The malware is distributed via pirated copies of VST software applications. Separately, researchers have discovered a cryptocurrency mining botnet that uses ADB ports and SSH connections for propagation. That malware has been detected in 21 different countries, with the highest percentage of infections found in South Korea.

Top Vulnerabilities Reported in the Last 24 Hours

Firefox’s second zero-day bug
Two days after patching the first zero-day, Mozilla has patched a second zero-day flaw that was being exploited in the wild in attacks on Coinbase employees and other cryptocurrency organizations. The second flaw is tracked as CVE-2019-11708 and is described as a 'sandbox escape' vulnerability.

A flaw in Dell SupportAssist fixed
Dell has released a security patch to address an issue in its SupportAssist application. The flaw could have enabled attackers to take over a machine and read its physical memory. The flaw has been assigned CVE-2019-12280 and affects Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs versions up to 3.2.1.

Email spoofing flaw in Outlook
Microsoft has addressed an email spoofing flaw in its Outlook for Android app. The flaw affects versions of Outlook prior to 3.0.88; the app has over 100 million installations. The flaw could allow an attacker to carry out cross-site scripting attacks. It is designated CVE-2019-1105 and exists because Outlook incorrectly parsed specially crafted email messages.

A flaw in Nest Cams addressed
An issue affecting some Nest cameras connected to third-party partner services via Works with Nest has recently been addressed. The issue lies in the device's factory reset function: Nest Indoor cameras did not protect the privacy of their owners even after a factory reset was performed.

Microsoft’s 10 flaws
Unit 42 researchers have published a list of Microsoft vulnerabilities discovered in May and June 2019. All of the vulnerabilities were rated "Important" in severity and include remote code execution and privilege escalation flaws. Microsoft has patched all of them.


Posted on: June 21, 2019
