Cyware Daily Threat Intelligence, March 09, 2020


With threat actors constantly looking for opportunities to exploit vulnerable computers, servers, and other critical systems, organizations should always be ready to apply recent security patches promptly. Several government-backed threat actor groups are actively scanning the internet for Microsoft Exchange email servers that are vulnerable to a remote code execution flaw. Because exploitation requires valid credentials for a mailbox on the server, an attacker who has stolen a single user's credentials can turn them into control of one of an organization's most significant assets.

Additionally, researchers have described two new attacks against AMD processors manufactured between 2011 and 2019. The attacks, named Collide+Probe and Load+Reload, undermine the processors' security guarantees and can be used to steal sensitive data.

The past 24 hours also saw a major ransomware attack at the City of Durham. The city was forced to shut down its IT systems and networks after it was hit by Ryuk ransomware. Reports say that the infection process was initiated through a phishing email.

Top Breaches Reported in the Last 24 Hours

Computers at University rebooted
The University of Kentucky and UK Healthcare conducted a major reboot of their systems in an effort to end a month-long cyber attack. The unidentified threat actors had infiltrated Kentucky's largest university system in early February and installed malware to mine cryptocurrency. There is no evidence that personal health information or any other sensitive data was compromised during the incident.

The city of Durham attacked
The City of Durham has shut down its network after suffering a cyberattack by the Ryuk ransomware this weekend. The step has been taken to prevent the ransomware from spreading throughout their network. The attack has affected the city’s 911 call center and phone services.

Top Malware Reported in the Last 24 Hours

FormBook trojan returns
Experts have identified the return of the FormBook information-stealing trojan in a campaign that uses emails disguised as messages from the WHO. The emails, with the subject line 'Coronavirus Updates', are sent under the pretext of new updates on the coronavirus and carry a ZIP file attachment. In this campaign FormBook is delivered by the GuLoader malware downloader. Separately, the DHS has shared tips with users on how to spot coronavirus-themed phishing emails.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Exchange servers exploited
Government-backed groups are exploiting a recently patched vulnerability in Microsoft Exchange email servers. The vulnerability, tracked as CVE-2020-0688 and fixed by Microsoft in its February 2020 security updates, is a remote code execution bug in the Exchange Control Panel. Exploitation is post-authentication: an attacker first needs valid credentials for an email account on the Exchange server, after which the flaw yields code execution on the server itself. Administrators who have not yet applied the February update should treat every Exchange server with an internet-facing Control Panel as exposed.

AMD processors vulnerable to new attacks
AMD processors manufactured between 2011 and 2019 are vulnerable to two new side-channel attacks, Collide+Probe and Load+Reload, which target the L1D cache way predictor. They leak information about which memory locations other code running on the same physical core is accessing, which undermines the CPU's isolation guarantees and lets attackers recover sensitive information.

NordVPN fixes a flaw
NordVPN has fixed an Insecure Direct Object Reference (IDOR) flaw in the company's payment platform that leaked sensitive customer data. The bug was rated High severity (the 7.0 to 8.9 band) and could be triggered by sending a crafted HTTP POST request to the nordvpn.com domain.
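The flaw class behind the NordVPN report, shown as an added example that is not NordVPN's code and does not reproduce its endpoint: a payment-lookup handler that authenticates the caller but never checks who owns the requested record, beside the fixed handler that does. The account names, session tokens, record ids and field names below are constructed for illustration.

```python
# Added example (not NordVPN's code): an Insecure Direct Object Reference in a
# payment-lookup handler, and the fixed version that enforces ownership.
# All data, tokens and ids are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class PaymentRecord:
    payment_id: int
    owner: str          # account that made the payment
    email: str
    card_last4: str


# Constructed sample data standing in for the payment platform's database.
PAYMENTS: Dict[int, PaymentRecord] = {
    1001: PaymentRecord(1001, "alice", "alice@example.com", "4242"),
    1002: PaymentRecord(1002, "bob", "bob@example.com", "1881"),
}

# Constructed session tokens mapped to the authenticated account.
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}

Response = Tuple[int, dict]


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Resolve the bearer token in the Authorization header to an account."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def parse_payment_id(form: Dict[str, str]) -> Optional[int]:
    """Validate the POSTed payment_id; None if it is absent or not an integer."""
    try:
        return int(form["payment_id"])
    except (KeyError, ValueError):
        return None


def lookup_payment_vulnerable(headers: Dict[str, str], form: Dict[str, str]) -> Response:
    """IDOR: the caller is authenticated, but any record whose id is supplied is
    returned, so one customer reads another's data just by changing payment_id."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "unauthenticated"}
    pid = parse_payment_id(form)
    if pid is None:
        return 400, {"error": "invalid payment_id"}
    rec = PAYMENTS.get(pid)
    if rec is None:
        return 404, {"error": "not found"}
    return 200, {"email": rec.email, "card_last4": rec.card_last4}


def lookup_payment_fixed(headers: Dict[str, str], form: Dict[str, str]) -> Response:
    """Same endpoint with the authorization check: the record must belong to the
    authenticated account. A foreign id gets the same 404 as a missing id, so the
    response does not confirm that the id exists."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "unauthenticated"}
    pid = parse_payment_id(form)
    if pid is None:
        return 400, {"error": "invalid payment_id"}
    rec = PAYMENTS.get(pid)
    if rec is None or rec.owner != user:
        return 404, {"error": "not found"}
    return 200, {"email": rec.email, "card_last4": rec.card_last4}


if __name__ == "__main__":
    # Bob, logged in with his own session, POSTs Alice's payment id.
    bob = {"Authorization": "Bearer tok-bob"}
    print("vulnerable:", lookup_payment_vulnerable(bob, {"payment_id": "1001"}))
    print("fixed:     ", lookup_payment_fixed(bob, {"payment_id": "1001"}))
```

The point of the fixed handler is that authentication and authorization are separate checks: knowing who the caller is says nothing about which records they may read, so the lookup has to be scoped to the caller's own objects (or, equivalently, the query has to include the owner as a key). Returning 404 rather than 403 for a record the caller does not own avoids turning the endpoint into an oracle for enumerating valid ids.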

Tags

collideprobe
university of kentucky
remote code execution bug
amd processors
nordvpn
microsoft exchange email servers
formbook trojan

Posted on: March 09, 2020
