Cyware Daily Threat Intelligence, March 28, 2019

See All
Cybercrooks are constantly devising new ways to pilfer login credentials and other sensitive information from users. Lately, security researchers have discovered a new campaign dubbed ‘LUCKY ELEPHANT’ that targets South Asian government officials. The campaign, which has been active since February 2019, is being used to trick victims into providing their login credentials. For this, the attackers have created fake websites that mimic legitimate entities such as foreign governments, telecommunications, and military.

The past 24 hours also witnessed cybercriminals targeting several WordPress and Joomla sites to distribute the infamous Shade ransomware. The malware is propagated via malspam email that contains either a ZIP attachment or a link to an HTML page, which downloads the ZIP file. The WordPress sites that are using versions 4.8.9 to 5.1.1 and SSL certificates issued by Automatic Certificate Management Environment (ACME) are affected by the ransomware.

Despite all these major blows, organizations across the globe always make sure to shield their critical infrastructures and vulnerable products with appropriate security measures. In a major security update, Cisco has released a total of 27 patches to fix a wide range of vulnerabilities across its multiple products running the ISO XE software.

Top Breaches Reported in the Last 24 Hours

CIRA suffers a ransomware attack
Canadian Internet Registration Authority (CIRA) revealed that it has suffered a ransomware attack. The attack affected the parking garage of the firm. It is believed that the malware used in the attack belongs to the Dharma ransomware family. As a result of the attack, anyone could park their vehicles for free without verifying the access cards. The attack occurred on March 26, 2019.

DragonEx and CoinBene attacked
Two cryptocurrency exchange platforms, DragonEx and CoinBene, have suffered cyber attacks. This has resulted in the loss of over $1 million and $45 million respectively. Both the firms have confirmed the hacks and are investigating the matter to understand the extent of the attacks. They are also working on retrieving the stolen assets.

Top Malware Reported in the Last 24 Hours

LUCKY ELEPHANT campaign
Security researchers discovered a new cyber-espionage campaign that targets South Asian governments. Dubbed as 'LUCKY ELEPHANT', the campaign is carried out by creating fake websites of legitimate entities such as foreign governments, telecommunications, and military. The campaign has been active since February, 2019 and is used to harvest login credentials.

WordPress and Joomla sites targeted
Cybercriminals are targeting several WordPress and Joomla sites to distribute Shade/Troldesh ransomware. The ransomware propagates via malspam email that contains either a ZIP attachment or a link to an HTML page, which downloads the ZIP file. WordPress sites using versions 4.8.9 to 5.1.1 are reported to be affected by the ransomware.

Gustuff trojan
Security researchers have uncovered a new Android banking trojan named Gustuff. Although the trojan has been around for almost a year, it came to light only recently. A recent analysis reveals that banking trojan has targeted over 100 banking apps and 32 cryptocurrency apps. The target includes known banks such as Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank.
 
Top Vulnerabilities Reported in the Last 24 Hours

Cisco releases 27 patches
Cisco has released a total of 27 patches to address several vulnerabilities in its products running ISO XE operating system. A total of 19 bugs have been rated as 'High' on the severity scale, with others rated as medium.

A bug in Siemens SCALANCE X Ethernet switches
A bug dubbed CVE-2019-6569 has been discovered in Siemens SCALANCE X Ethernet switches. The flaw can be exploited remotely and can allow an attacker to feed data over a mirror port and into the mirrored network. Users can fix the issue by updating the software of the switches to v4.1.

Huawei PCManager driver bug
A serious security flaw has been discovered in MateBook laptops that use the Huawei PCManager driver. Researchers claim that the flaw can enable an attacker to gain privileged access and take control of systems using Windows 10. Huawei has fixed the driver in early January 2019.

Flaws in Likud and Labor party apps
Researchers have discovered security flaws in Likud and labor party apps. The flaws can enable hackers to access the list of party members and their personal details. This information includes political opinion, social contacts, demographic data, telephone numbers, and addresses of politicians.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, March 29, 2019
Next
Cyware Daily Threat Intelligence, March 27, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.