Cyware Daily Threat Intelligence, March 02, 2020

Share Blog post

Security risks in WordPress plugins are unfortunately far too common and this is evident from recent research - that was conducted by a group of cybersecurity firms specialized in WordPress security products. The report highlights that there has been a resurgence in attacks against WordPress sites during the past two weeks. Apparently, most of these attacks were conducted by exploiting zero-day flaws discovered in the Async JavaScript, 10Web Map Builder for Google Maps, and Modern Events Calendar Lite plugins.

That’s not all. A large-scale attack campaign that makes use of AgentTesla keylogger has been found to be active since November 2019. The attack campaign mainly targeted countries in Western Europe, including France, Serbia, Poland, Turkey, Italy, and other countries like Argentina.

Talking about vulnerabilities, researchers have uncovered that Apache Tomcat servers released in the last 13 years are vulnerable to a bug called GhostCat.The flaw exists in the Tomcat AJP protocol and can allow malicious hackers to take over unpatched systems.

Top Breaches Reported in the Last 24 Hours

Visser Precision confirms data breach
Visser Precision, a Colorado-based manufacturer, has confirmed a data breach that may have resulted in access or theft of data. Researchers say that the attack was caused by the DoppelPaymer ransomware. A list of files stolen from Visser, including folders with its customers’ names, has been published on the website managed by the ransomware’s operators.

Walgreens leaks data
Walgreens, a pharmacy store in the US, has leaked personal data of some of its users due to an error in the secure messaging feature in the app. The exposed data includes first and last name, prescription details, store number, and shipping addresses of customers.

Power outage in Venezuela
A power outage had occurred in several states of Venezuela on March 1, 2020. The blackout was caused by a cyberattack against the Guri hydroelectric power plant. The incident has also impacted mobile networks partially. 

Top Malware Reported in the Last 24 Hours

AgentTesla keylogger returns
Multiple large-scale cyber attacks that involve the use of AgentTesla keylogger have been observed by researchers. The campaign is mainly targeted against countries in Western Europe, including France, Serbia, Poland, Turkey, Italy, and other countries like Argentina. The malware is delivered via phishing emails that carry malicious attachments, generally disguised as payslips, purchase orders, contracts, etc.

Top Vulnerabilities Reported in the Last 24 Hours

Exploitable WordPress plugins
Researchers have been tracking an increase in the number of attacks on WordPress sites due to vulnerable plugins. Some of these attacks involve the exploitation of zero-day vulnerabilities and are found in the Async JavaScript, 10Web Map Builder for Google Maps, and Modern Events Calendar Lite plugins. Apart from these, there are some plugins like Duplicator, Profile Builder, and Themerex addons that are exploited with previously-known vulnerabilities.

Facebook patches a 10-year-old flaw
A 10-year-old account takeover vulnerability present in Facebook’s Authorization feature ‘Login with Facebook’ has been fixed recently. The critical flaw could allow anyone with the stolen tokens to takeover accounts including Facebook, Instagram, Oculus, and other Facebook services.

GhostCat vulnerability
Apache Tomcat servlet container is affected by a serious vulnerability called GhostCat. The flaw tracked as CVE-2020-1938, can allow remote attackers to read the content of any file on vulnerable web servers and obtain sensitive configuration files or source code or execute arbitrary code if the server allows file upload. Users are urged to upgrade to the latest version of Apache Tomcat 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability.

 Tags

agenttesla keylogger
walgreens
apache tomcat servlet
visser precision
ghostcat vulnerability
async javascript

Posted on: March 02, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!