Cyware Daily Threat Intelligence, March 04, 2020


Beware, ransomware attackers are now well-equipped to steal backup files and data stored in the cloud. This is very much possible if the backup clouds are not properly configured, thereby leaving a victim with no option to restore their lost data after a ransomware attack.

Talking more about poor configuration settings, a group of academics has discovered that there are 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and CMSes. These vulnerabilities can allow attackers to exploit file upload forms and plant malicious files on a victim’s servers. The impacted vendors include WordPress, Concrete5, Composr, SilverStripe, and ZenCart.

Amidst all these threats and vulnerabilities, the past 24 hours saw Google releasing fixes for 70 vulnerabilities in Android. Forty of these vulnerabilities were found affecting Qualcomm’s closed-source components.

Top Breaches Reported in the Last 24 Hours

University suffers a breach
Simon Fraser University says it has suffered a ransomware attack that could potentially affect thousands of people. The incident may have resulted in the compromise of personal details of faculty, staff, students, alumni, and retirees who joined the university prior to June 20, 2019. The breached data includes numbers, names, birthdates, external email addresses, and mailing list membership information of students and employees.

Casinos attacked
The websites of two casinos, along with computer networks owned by the company TLC Casino Enterprise Inc., were out of order for almost a week due to a ransomware attack on February 27. The incident also affected slot machines, player loyalty programs, credit card processing, hotel reservations, and ATMs at the two casinos.

Top Malware Reported in the Last 24 Hours

Repurposing malware
Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of using payloads from the government servers. This modified malware has been found to defeat the protection built into macOS. Additionally, the new malware variant allows the researcher to install his own malicious payloads, obtain screenshots, and capture sensitive data from compromised Macs.

Hacking backups
It has been found that ransomware attackers are compromising cloud backups that are poorly configured, to steal files and data of victim organizations. This leaves organizations with no option to restore the stolen data even from their cloud backups.

Top Vulnerabilities Reported in the Last 24 Hours

Google fixes over 70 vulnerabilities
Google’s March 2020 security updates for Android include fixes for 70 vulnerabilities, with 11 of them being rated with ‘High’ severity. These 11 vulnerabilities affect framework, media framework, and system components. Apart from these, the security updates also address a total of 40 vulnerabilities affecting Qualcomm’s closed-source components.

File upload vulnerabilities
A team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and CMSes. The academics were able to do so through the use of an automated testing toolkit. These vulnerabilities can be abused to execute code on a website, weaken existing security settings, or launch a backdoor. The impacted projects include WordPress, Concrete5, Composr, SilverStripe, and ZenCart.


Posted on: March 04, 2020
