Cyware Daily Threat Intelligence, March 24, 2020


Unpatched zero-day vulnerabilities can be a gold mine for cybercriminals seeking to take control of systems and launch a variety of attacks. Microsoft has recently issued a warning about two unpatched zero-day flaws in the way that Windows’ Adobe Type Manager Library handles certain fonts. The flaws affect Windows 10, 8.1, 7, Server 2008, and Server 2012. Apart from this, multiple zero-day flaws have also been found affecting Adobe Photoshop CC 2020. All of these vulnerabilities have different root causes related to a multitude of Photoshop plugins.

In other news, threat actors were found taking full advantage of the ongoing COVID-19 threat to spread different malware. In one incident, they promoted a fake Corona antivirus on two websites in order to distribute BlackNET RAT. In another, users across the globe reported seeing a fake ‘COVID-19’ alert that was actually meant to spread the Vidar information-stealing malware. The attackers behind that campaign hijacked the DNS settings of D-Link and Linksys routers in order to push the alert into victims’ browsers.

Top Breaches Reported in the Last 24 Hours

University of Utah Health data breach
The University of Utah Health has disclosed a data breach that took place between January 7 and February 21, 2020. The incident occurred after hackers gained unauthorized access to some employees’ email accounts. The affected accounts contained some patient information, such as names, dates of birth, medical record numbers, and clinical information about received care.

GE suffers a breach
Fortune 500 tech giant General Electric (GE) has suffered a data breach that may have affected the PII of current and former employees as well as beneficiaries. The information exposed in the breach includes direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, tax withholding forms, Social Security numbers, and more.

Top Malware Reported in the Last 24 Hours

HHS.gov open redirect used for phishing
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims’ systems. The lure is a set of coronavirus-themed phishing emails. The open redirect used in the attack is present on the subdomain of HHS’ Departmental Contract Information System. The malware executed in this phishing attack is the Raccoon information-stealer.
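The abuse described above works because the phishing link points at a trusted domain while a query parameter carries the real, external destination. The following is an added example (not code from Cyware or from HHS) of a small triage helper that extracts links from an email body and flags any whose query parameters embed a URL on a host other than the link's own. The domains and the email text are constructed placeholders.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, unquote, urlparse

# Constructed sample email body; the hostnames are placeholders, not real sites.
SAMPLE_EMAIL = """\
COVID-19 guidance update. Review the attached notice at
https://portal.trusted.example/dcis/login?returnUrl=https%3A%2F%2Fattacker.example%2Fupdate.exe
For general information see https://portal.trusted.example/search?q=coronavirus&next=/home
Mirror: https://portal.trusted.example/go?to=//attacker.example/update.exe
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _embedded_host(value: str) -> Optional[str]:
    """Return the hostname of a URL hidden inside a parameter value, if any.

    Handles percent-encoded values and scheme-relative forms like //host/path.
    """
    candidate = unquote(value).strip()
    if candidate.startswith("//"):
        candidate = "http:" + candidate  # scheme-relative redirect target
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        return parsed.hostname.lower()
    return None


def external_redirects(url: str) -> List[Tuple[str, str]]:
    """List (parameter, host) pairs where a parameter points off the link's host.

    Only an exact host match is treated as internal; sibling subdomains are
    reported too, which is the conservative choice for phishing triage.
    """
    link = urlparse(url)
    own_host = (link.hostname or "").lower()
    findings = []
    for key, value in parse_qsl(link.query, keep_blank_values=True):
        host = _embedded_host(value)
        if host and host != own_host:
            findings.append((key, host))
    return findings


def scan_email(body: str) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Extract every link from an email body and return those that redirect externally."""
    suspicious = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # strip trailing punctuation from prose
        findings = external_redirects(url)
        if findings:
            suspicious.append((url, findings))
    return suspicious


if __name__ == "__main__":
    for url, findings in scan_email(SAMPLE_EMAIL):
        for param, host in findings:
            print(f"suspicious link: {url}\n  parameter '{param}' redirects to {host}")
```

Run against the constructed email, the helper flags the two links whose `returnUrl` and `to` parameters point at `attacker.example` and leaves the plain search link alone. The same check is worth running on click-time URL rewriting proxies, since a trusted first-hop domain is exactly what lets these emails through reputation filters.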

BlackNET RAT
Two sites have been found promoting a fake Corona antivirus in order to distribute BlackNET RAT. The two sites are antivirus-covid19[.]site and corona-antivirus[.]com. Once downloaded, the RAT adds the infected device to a botnet so that it can be used to launch DDoS attacks, upload files onto the compromised machine, execute scripts, take screenshots, harvest keystrokes, steal bitcoin wallets, and more.

Vidar info-stealer
Hackers are hijacking routers’ DNS settings with the aim of spreading the Vidar information-stealing malware. The attacks mostly affect D-Link and Linksys routers. Once the hackers change the DNS settings of the router, the victims’ web browser displays a fake COVID-19 alert that purports to come from the World Health Organization (WHO). The fake alert is actually a channel for distributing the malware.

Top Vulnerabilities Reported in the Last 24 Hours

Multiple zero-day flaws in Photoshop
Researchers have uncovered multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. The flaws are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, and CVE-2020-3789. All of these vulnerabilities have different root causes related to a multitude of Photoshop Plugins. Due to the critical rating of these vulnerabilities, it is suggested to apply the latest patches as soon as possible.

Zero-day flaws abused
Attackers are exploiting two new zero-day remote code execution vulnerabilities in the Windows Adobe Type Manager Library to run code on targeted Windows systems. The vulnerabilities arise from the affected library’s improper handling of a specially crafted multi-master font in the Adobe Type 1 PostScript format.

Flaw in Tesla’s touchscreen
Tesla Model 3’s web interface is affected by a DoS vulnerability. The flaw is tracked as CVE-2020-10558 and can allow attackers to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications. The car manufacturer has released a software update to patch the vulnerability.

Top Scams Reported in the Last 24 Hours

Sextortion scam
A new sextortion scam that threatens to reveal users’ dirty secrets and to infect their families with Coronavirus is doing the rounds on the internet. The body of the email uses Greek characters that look similar to English letters such as A, N, O, T, and V. It prompts the recipient to pay a ransom of $400 within 24 hours to prevent their data from being revealed. The email also claims that a compromising webcam video of the victim watching inappropriate adult content will be released.
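The Greek look-alike letters are there to slip past keyword filters that match on Latin text. As an added example (not code from Cyware or from any vendor), the script below shows the two defensive checks a mail filter would want: flag words that mix Latin letters with letters from another script, and fold a small set of known confusables back to ASCII so ordinary keyword rules still fire. The confusables table is an assumed, deliberately short subset rather than the full Unicode confusables list, and the sample email line is constructed.

```python
import re
import unicodedata
from typing import Dict, List, Set, Tuple

# Assumed subset of look-alike letters (constructed for this example):
# Greek letters that render like Latin A, N, O, T, v and o.
CONFUSABLES: Dict[str, str] = {
    "\u0391": "A",  # GREEK CAPITAL LETTER ALPHA
    "\u039d": "N",  # GREEK CAPITAL LETTER NU
    "\u039f": "O",  # GREEK CAPITAL LETTER OMICRON
    "\u03a4": "T",  # GREEK CAPITAL LETTER TAU
    "\u03bd": "v",  # GREEK SMALL LETTER NU
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed sample: Latin text with Greek substitutions, written as escapes
# so the exact code points are unambiguous.
SAMPLE = ("\u0391TTENTI\u039fN: your acc\u039fu\u039dT is compromised. "
          "Pay $400 within 24 hours or the \u03bdideo goes to everyone.")


def script_of(ch: str) -> str:
    """Coarse script bucket taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "GREEK", "CYRILLIC"):
        if name.startswith(script):
            return script.capitalize()
    return "Other"


def find_mixed_script_words(text: str) -> List[Tuple[str, Set[str]]]:
    """Return words whose letters come from Latin plus at least one other script.

    Genuine Greek or Cyrillic text is single-script per word; a word that mixes
    scripts is the classic homoglyph signature.
    """
    hits = []
    for word in re.findall(r"\w+", text):
        scripts = {script_of(c) for c in word if c.isalpha()}
        if "Latin" in scripts and len(scripts) > 1:
            hits.append((word, scripts))
    return hits


def normalize_confusables(text: str) -> str:
    """Map the known look-alike letters back to ASCII."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


def keyword_hits(text: str,
                 keywords=("attention", "video", "bitcoin", "hours")) -> List[str]:
    """Keyword matching applied after confusable folding, so disguised words count."""
    folded = normalize_confusables(text).lower()
    return [k for k in keywords if k in folded]


if __name__ == "__main__":
    for word, scripts in find_mixed_script_words(SAMPLE):
        print(f"mixed-script word: {word!r} uses {sorted(scripts)}")
    print("keywords after folding:", keyword_hits(SAMPLE))
```

On the sample line a plain substring search for "attention" or "video" finds nothing, while the folded text matches both; the mixed-script check catches the same three disguised words without needing a confusables table at all, which makes it the more robust of the two signals when attackers rotate which letters they swap.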


Posted on: March 24, 2020
