Cyware Daily Threat Intelligence, March 17, 2020


Intel processors are back in the headlines for being affected by another new vulnerability. Just last week, researchers detected a vulnerability called LVI-LFB (Load Value Injection in the Line Fill Buffers) impacting many Intel processors, and now it has been found that they are also vulnerable to snoop attacks. The latest vulnerability, termed ‘Snoop-assisted L1 Data Sampling’, affects Intel processor series such as Core and Xeon. The flaw can cause a leakage of data from the CPU's internal memory, also known as the cache.

In other news, VMware has patched three privilege-escalation flaws affecting its Workstation, Fusion, Horizon Client, and VMRC products. The flaws can be exploited by a miscreant or malware in a guest VM to achieve remote code execution.

The past 24 hours also saw the emergence of a new ransomware app called CovidLock that pretends to provide updated information on COVID-19 infections. Once launched, the app threatens to erase everything on the victim's phone if a ransom of $100 in bitcoin is not paid.

Top Breaches Reported in the Last 24 Hours

HHS suffers DDoS attack
The Department of Health and Human Services (HHS) experienced a DDoS attack attempt last weekend. Although no systems were reportedly affected, officials have started investigating the origin of the attack. HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure federal networks.

College of DuPage suffers an attack
College of DuPage is offering free credit monitoring services to over 1,700 current and former employees following a data breach. It has been reported that personal and tax information belonging to 1,755 staff members was compromised in the incident. Data exposed in the incident included 2018 W-2 tax forms.

Top Malware Reported in the Last 24 Hours

Malicious CovidLock app
Researchers have found a malicious Android app called CovidLock that promises to deliver up-to-date figures on the coronavirus pandemic. The app includes a strain of malicious software that locks up a user’s phone and demands an extortion fee of $100 in bitcoin. The app threatens to erase everything on an infected phone if victims don’t pay the amount within 48 hours.

Top Vulnerabilities Reported in the Last 24 Hours

Snoop-assisted L1 Data Sampling
Intel processors are affected by a new vulnerability, dubbed ‘Snoop-assisted L1 Data Sampling’. Tracked as CVE-2020-0550, the flaw can allow attackers to leak data from the CPU’s internal memory, also known as the cache. The vulnerability takes advantage of CPU mechanisms like multiple cache levels, cache coherence, and bus snooping. The list of affected processors includes Intel Core and Xeon. Intel has confirmed that patches released in August 2018 for the Foreshadow (L1TF) vulnerability also apply to this new vulnerability.

VMware patches security holes
VMware has released security updates for three vulnerabilities affecting its desktop-class virtualization products. The flaws, tracked as CVE-2020-3947, CVE-2020-3948, and CVE-2019-5543, are all privilege escalation flaws.



Posted on: March 17, 2020


