Cyware Daily Threat Intelligence, March 27, 2020


With threat actors constantly looking for opportunities to exploit vulnerable computers, servers, and other critical systems, organizations should always be on alert to apply the latest security patches. Lately, researchers have identified successful cyberespionage campaigns against organizations in Western Europe that were carried out by exploiting two previously known Windows privilege escalation vulnerabilities. These attacks were launched in late January 2020 and were used to distribute Silence.ProxyBot and updated versions of Silence.MainModule.

Meanwhile, in a major revelation, AMD has confirmed that the blueprints of some of its graphics products were leaked online after a malicious actor gained unauthorized access to them. The affected graphics products include the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. 

Talking about vulnerabilities, a bypass vulnerability present in iOS 13.3.1 and later versions has been found to prevent VPNs from encrypting all traffic. This can cause some internet connections to bypass VPN encryption and expose users’ data or leak their IP addresses.

Top Breaches Reported in the Last 24 Hours

Data Deposit Box leaks data
Data Deposit Box exposed over 270,000 consumer files due to an unsecured Amazon S3 bucket. The leaked data included IP addresses, email addresses, and GUIDs of users. The exposed database also allowed others to view user data, including admin usernames and unencrypted passwords. The leaky database was finally secured by the firm on January 6, 2020.

AMD confirms theft of files
AMD has confirmed that a hacker has stolen files related to some of its graphics products. These include source code for the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. Some screenshots of these files were posted on GitHub as a setup to initiate the sales process.

Chubb attacked
Cyber insurance giant Chubb has been hit by Maze ransomware. The operators claim to have encrypted devices on Chubb’s network in March 2020. In addition, they have stolen some files, which they will use as leverage by threatening to release them publicly if a ransom is not paid.

Ryuk continues to target hospitals
The Ryuk ransomware operators are continuing to target hospitals even during the Coronavirus pandemic. Lately, the ransomware has affected an unnamed US health care provider, encrypting its data and systems.

Top Malware Reported in the Last 24 Hours

New Silence malware variants
Researchers have detected successful attacks against at least two European companies in the pharmaceutical and manufacturing industries. Based on the tools employed in the attacks, the suspects are likely the financially motivated Silence and TA505 groups. The malware identified in the campaign is Silence.ProxyBot and updated versions of Silence.MainModule. Both samples are associated with the Silence threat actor group.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched iOS bug for VPN
A currently unpatched bypass vulnerability affecting iOS 13.3.1 or later is preventing VPNs from encrypting all traffic. This can lead to some internet connections bypassing VPN encryption and exposing users’ data or leaking their IP addresses. The vulnerability scores 5.3 on the CVSS v3.1 scale.

Vulnerable VLC for iOS
An unauthenticated insecure direct object reference (IDOR) issue has been identified in VLC for iOS. The bug could allow a local attacker to steal media from the storage by abusing a functionality in the VLC iOS application. The issue has been addressed by implementing a user-friendly authentication mechanism on the VLC iOS web server used for WiFi Sharing.

CODESYS bug
A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. The bug is rated ‘10’ on the CVSS scale and is a heap-based buffer overflow tracked as CVE-2020-10245. The flaw has been patched in version V3.5.15.40 of the software.

Top Scams Reported in the Last 24 Hours

Bitcoin scam
A bitcoin scam that promises victims high returns during the current global pandemic is doing the rounds on the internet. The scam begins with a flood of emails with different subject lines such as ‘Staying at home because of COVID-19!! Spend your time making thousands on Bitcoins’, ‘The positive impact of staying home (Corona-virus), Make thousand a day trading Bitcoin’, and ‘Join 1000s of Brits making 1000s a day. Bitcoin is back – and this time you can make a million’.

Scammers target home deliveries
Scammers are taking advantage of delayed home deliveries to steal users’ personal and financial information. The scam relies on specially crafted text messages that ask users to confirm their address to complete the shipment process. The URL in this case is a shortened domain name which, if clicked, redirects the victim to a fake Canada Post site.


Posted on: March 27, 2020
