Cyware Daily Threat Intelligence, March 25, 2020


Amidst the ongoing global pandemic, cybercriminals continue to find new ways to target organizations. Now, the operators behind the Nefilim, CLOP, and Sekhmet ransomware attack campaigns have created data leak websites to publish stolen data from victim organizations. The attackers use this tactic to name and shame victims who do not pay a ransom.

In other news, a security researcher discovered a critical remote code execution flaw affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other networking devices. Meanwhile, Apple released seven security updates to address dozens of security vulnerabilities affecting its iOS, macOS, watchOS, iPadOS, and tvOS.

Top Breaches Reported in the Last 24 Hours

Stolen data from ransomware attacks
Following in the footsteps of other notorious ransomware actors, the operators behind the Nefilim, CLOP, and Sekhmet ransomware attack campaigns have created websites to publish stolen data. While the Nefilim ransomware actors posted data from two companies, the CLOP leaks website featured four affected companies and the Sekhmet website listed one company.

Email error breach
Watford Community Housing, a housing association in the UK, suffered a data privacy incident due to a mailing error. During a contact email update exercise, the association inadvertently shared the sensitive personal data of 3500 residents, including sexual orientation and ethnicity.

Top Malware Reported in the Last 24 Hours

TrickMo Android malware
Security researchers at IBM X-Force discovered that the TrickBot trojan gang is using a malicious Android application to bypass two-factor authentication (2FA) protection in online banking. The Android app, dubbed TrickMo, is capable of intercepting a wide range of transaction authentication numbers (TANs) including one-time password (OTP), mobile TAN (mTAN), and pushTAN authentication codes.

New Milum RAT
Kaspersky researchers discovered an attack campaign dubbed WildPressure that targets organizations with a new Remote Access Trojan (RAT) named Milum. According to the researchers, Milum is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Coronavirus finder app
Security researchers discovered a new Android banking trojan disguised as the ‘Coronavirus Finder’ app that purports to show a map detailing the number of people in the area with the Covid-19 virus infection. While asking users for a payment of €0.75 to view the map, the app sends their card details to attacker-controlled servers.

Top Vulnerabilities Reported in the Last 24 Hours

OpenWrt RCE bug
A security researcher uncovered a critical remote code execution flaw affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other networking devices. Tracked as CVE-2020-7982, the flaw resides in the OPKG package manager of OpenWrt and arises from the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. It could allow an attacker to gain complete control over the targeted OpenWrt network device and, subsequently, over the network traffic it manages.
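As an added illustration of the integrity check the paragraph describes (this is not OpenWrt's or opkg's own code, and it does not reproduce the flaw), the Python below parses a constructed Packages index, looks up a package's SHA256sum and Size fields, and refuses a download unless a well-formed checksum is present and matches the bytes exactly. The index text, package bytes and package names are constructed for this example.

```python
import hashlib
import hmac
import re

# Constructed package bytes standing in for a downloaded .ipk archive.
SAMPLE_PACKAGE = b"constructed ipk payload for example-tool"

# Constructed "Packages" index text in the field layout opkg reads. Only
# example-tool carries a checksum; broken-tool has none, so it must be refused.
SAMPLE_INDEX = f"""Package: example-tool
Version: 1.0-1
Filename: example-tool_1.0-1_mips_24kc.ipk
Size: {len(SAMPLE_PACKAGE)}
SHA256sum: {hashlib.sha256(SAMPLE_PACKAGE).hexdigest()}

Package: broken-tool
Version: 2.0-1
Filename: broken-tool_2.0-1_mips_24kc.ipk
Size: 12
"""

HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


def parse_index(text):
    """Split the index into blank-line-separated stanzas and return
    {package name: {field: value}}."""
    packages = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Package" in fields:
            packages[fields["Package"]] = fields
    return packages


def verify_package(index, name, data):
    """Accept the download only if the index lists the package with a matching
    Size and a well-formed SHA256sum, and the bytes hash to exactly that value.
    Missing, malformed or mismatched metadata fails closed."""
    fields = index.get(name)
    if fields is None or fields.get("Size") != str(len(data)):
        return False
    expected = fields.get("SHA256sum", "").lower()
    if not HEX_SHA256.fullmatch(expected):
        return False  # no usable checksum: refuse rather than skip the check
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)
```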

Apple releases patches
Apple released a total of seven security updates to address vulnerabilities in its various devices. For iOS, the 13.4 update includes fixes for 30 security issues including remote code execution, information disclosure, and cross-site scripting bugs. The macOS Catalina 10.15.4 security update fixes 26 flaws, including a sudo bug (CVE-2019-19232) that allows command execution through a non-existent user and a restricted memory access flaw in the Intel Graphics Driver (CVE-2019-14615).

VMware patch release
VMware released an update for the macOS version of Fusion to fix a privilege escalation vulnerability tracked as CVE-2020-3950, for which it initially released an incomplete patch in version 11.5.2. Now, the company released version 11.5.3 to provide a complete patch for the vulnerability. However, the researchers who discovered the vulnerability claim that the update does not resolve the issue as a new proof-of-concept (PoC) exploit could be created to bypass it.



Posted on: March 25, 2020


