Cyware Daily Threat Intelligence, June 25, 2020


New details about the recently discovered Ripple20 vulnerability have emerged in the last 24 hours. The flaw, which is a collection of 19 vulnerabilities, heavily affects certain medical devices used in the healthcare sector. Six times as much equipment is vulnerable to Ripple20 in healthcare as in other sectors.

Lucifer, a new malware with cryptojacking and DDoS capabilities, has also been uncovered in the last 24 hours. It targets both Windows and Linux machines by exploiting a range of previously-known vulnerabilities.

Meanwhile, Maze ransomware operators claimed to have hacked LG Electronics and released screenshots of data stolen from the company’s Python source code repositories. Additionally, they have exfiltrated confidential information for projects related to some U.S. companies.

Top Breaches Reported in the Last 24 Hours

LG Electronics targeted
LG Electronics has reportedly been hit by Maze ransomware. The operators claim to have stolen 40 GB of Python source code and proprietary information for projects that involve U.S. companies. To support their claims, they have shared screenshots of data stolen from a Python code repository. As of now, it is unclear how the ransomware got into the network.

Confidential docs to be auctioned
After claiming to have sold confidential documents of some high-profile celebrities, the REvil ransomware gang is all set to auction another batch of data stolen from Grubman Shire Meiselas & Sacks. The auction of the stolen data is likely to start at a price of $600,000.

Top Malware Reported in the Last 24 Hours

Malicious Docker account
Researchers have detected a malicious Docker Hub account, azurenql, that has been active since October 2019. The account was used to host six malicious images intended to mine cryptocurrency. The images hosted on this account have been pulled more than two million times.

New Lucifer malware
A new self-propagating malware, dubbed Lucifer, has been found targeting Windows systems to launch cryptojacking and DDoS attacks. The malware leverages a range of previously-known vulnerabilities to infect systems. The flaws include CVE-2017-10271, CVE-2018-20062, CVE-2017-9791, CVE-2019-9081, and CVE-2017-0144.

Top Vulnerabilities Reported in the Last 24 Hours

New details about Ripple20
The full impact of the newly discovered Ripple20 vulnerability, which arises from a total of 19 flaws in the TCP/IP stack from Treck, remains unclear. However, researchers believe that the healthcare industry is particularly affected by the flaw. Six times as much vulnerable equipment is used in healthcare as in other sectors. Vulnerable products include the Spectrum Infusion System from Baxter, the Infusion Pump System by B. Braun, and a medical imaging system by Carestream.

VMware fixes flaws
VMware has released security updates for multiple vulnerabilities affecting its ESXi, Workstation, and Fusion products. The most critical of these is a use-after-free flaw, tracked as CVE-2020-3962. Successful exploitation can allow an attacker to execute arbitrary code on the hypervisor from a virtual machine.

NVIDIA patches flaws
NVIDIA has addressed security vulnerabilities found in GPU Display drivers, CUDA drivers, and the Virtual GPU Manager software. These flaws can lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines. The flaws have CVSS scores between 4.4 and 7.8.


Posted on: June 25, 2020
