Cyware Daily Threat Intelligence, March 28, 2019

Canadian Internet Registration Authority (CIRA) revealed that it has suffered a ransomware attack. The attack affected the parking garage of the firm. It is believed that the malware used in the attack belongs to the Dharma ransomware family. As a result of the attack, anyone could park their vehicles for free without verifying the access cards. The attack occurred on March 26, 2019.

Two cryptocurrency exchange platforms, DragonEx and CoinBene, have suffered cyber attacks. This has resulted in the loss of over $1 million and $45 million respectively. Both the firms have confirmed the hacks and are investigating the matter to understand the extent of the attacks. They are also working on retrieving the stolen assets.

Security researchers discovered a new cyber-espionage campaign that targets South Asian governments. Dubbed as 'LUCKY ELEPHANT', the campaign is carried out by creating fake websites of legitimate entities such as foreign governments, telecommunications, and military. The campaign has been active since February, 2019 and is used to harvest login credentials.

Cybercriminals are targeting several WordPress and Joomla sites to distribute Shade/Troldesh ransomware. The ransomware propagates via malspam email that contains either a ZIP attachment or a link to an HTML page, which downloads the ZIP file. WordPress sites using versions 4.8.9 to 5.1.1 are reported to be affected by the ransomware.

Security researchers have uncovered a new Android banking trojan named Gustuff. Although the trojan has been around for almost a year, it came to light only recently. A recent analysis reveals that banking trojan has targeted over 100 banking apps and 32 cryptocurrency apps. The target includes known banks such as Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank.

Cisco has released a total of 27 patches to address several vulnerabilities in its products running ISO XE operating system. A total of 19 bugs have been rated as 'High' on the severity scale, with others rated as medium.

A bug in Siemens SCALANCE X Ethernet switches

A bug dubbed CVE-2019-6569 has been discovered in Siemens SCALANCE X Ethernet switches. The flaw can be exploited remotely and can allow an attacker to feed data over a mirror port and into the mirrored network. Users can fix the issue by updating the software of the switches to v4.1.

A serious security flaw has been discovered in MateBook laptops that use the Huawei PCManager driver. Researchers claim that the flaw can enable an attacker to gain privileged access and take control of systems using Windows 10. Huawei has fixed the driver in early January 2019.

Researchers have discovered security flaws in Likud and labor party apps. The flaws can enable hackers to access the list of party members and their personal details. This information includes political opinion, social contacts, demographic data, telephone numbers, and addresses of politicians.