Cyware Daily Threat Intelligence, March 13, 2020


Vulnerable plugins are one of the preferred attack channels to take control of WordPress websites. Lately, multiple vulnerabilities have been identified in the popular Popup Builder plugin that is installed on over 100,000 websites. The flaws can result in arbitrary code execution, configuration disclosure, user data export, and website settings modification.

The past 24 hours also saw cyber criminals across the globe leveraging the COVID-19 scare to trick users into downloading malware designed to steal personal data. Most of these campaigns are carried out via phishing emails that include malicious attachments in the form of a Microsoft document, a ZIP file, or a RAR file.

A new ransomware strain named after the disease was also found to be distributed via a fake website promoting malicious system optimization software and utilities from WiseCleaner. The malware is distributed along with Kpot information-stealing malware in the campaign.

Top Breaches Reported in the Last 24 Hours

Volusion’s stolen cards on sale
More than 239,000 payment card records stolen from 6,589 Volusion-hosted online stores last year have been put on sale on the dark web. The batch of stolen cards has enabled hackers to earn $1.6 million. This data was from hundreds of different merchants.

Open Exchange Rates’ breach
Open Exchange Rates has announced a data breach that exposed the personal information and passwords for customers of its API services. The incident was discovered on March 2, 2020, when an unauthorized hacker gained access to their network and a database that included user information.

Health District’s website hacked
The Champaign-Urbana Public Health District’s website has been hacked by ransomware called NetWalker. The workers became aware of the attack on March 10, 2020, after they lost access to files. The healthcare agency has notified the FBI and the DHS about the incident.

Top Malware Reported in the Last 24 Hours

COVID-19 themed emails
Government-backed hacking groups from China, North Korea, and Russia are using COVID-19-themed emails as a lure to infect victims with malware and gain access to their infrastructure. These emails include booby-trapped attachments, RAR and ZIP files, which, if opened, result in the download of malware like BabyShark and a C# backdoor trojan.

CoronaVirus ransomware
CoronaVirus is a new ransomware that spreads via a fake website promoting malicious system optimization software and utilities from WiseCleaner. Once executed, the ransomware encrypts files with specific extensions and later drops a ransom note demanding a ransom of 50 bitcoins. Researchers have found that the site is also distributing a password-stealing trojan called Kpot.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases updates
Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0. The vulnerability, tracked as CVE-2020-0796, can be exploited by sending specially crafted packets to the targeted system. The weakness impacts Windows 10 and Windows Server versions 1903 and 1909.

Vulnerable Popup Builder plugin
Vulnerabilities in the Popup Builder WordPress plugin can allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites. The malicious code is designed to take full control over targeted sites and steal information. The flaws are tracked as CVE-2020-10196 and CVE-2020-10195 and can allow unauthenticated injection of arbitrary code, configuration disclosure, user data export, and website settings modification.

Flaws in Phoenix Contact’s routers
Three vulnerabilities have been identified in some of the industrial 4G routers made by Phoenix Contact. The flaws, tracked as CVE-2020-9435 and CVE-2020-9436, affect Phoenix Contact TC ROUTER and TC CLOUD CLIENT devices. The third vulnerability is related to the use of an outdated and vulnerable version of the BusyBox toolkit.


Posted on: March 13, 2020
