Cyware Daily Threat Intelligence, March 29, 2019

Ransomware continues to dominate the threat landscape, with attackers wanting fast cash. Security experts have recently come across a new ransomware that demands a $50 Amazon gift card instead of cryptocurrency as ransom. Dubbed ‘Unnam3d R@nsomware’, it moves victims’ files into password-protected RAR archives before displaying the ransom note.

Apart from this, a new threat has been discovered in the VISA (Visualization of Internal Signals Architecture) debugging feature of Intel chipsets. Researchers claim that attackers can abuse the feature to intercept data from computer memory and create spyware that works at the lowest possible level.

There has also been a rise in robocall scams. In a major update, the Federal Bureau of Investigation (FBI) reported that US citizens lost over $40 million to Chinese Embassy robocall scams last year. The average loss per victim is estimated to be over $164,000. In the scam, callers impersonate Chinese government officials and inform victims that they have an important package to be picked up from the consulate.

Top Breaches Reported in the Last 24 Hours

US government's top secrets exposed
Harold T. Martin III has been found guilty of taking home classified documents of the N.S.A.’s Tailored Access Operations hacking unit. In what is touted to be one of the biggest breaches, FBI agents found the documents and electronic storage devices stacked in his car, his home and even in a garden shed. Investigators found that Martin had not shared the stolen secrets with anyone. However, they were astonished to find that Martin had been carrying these classified materials from the National Security Agency (NSA) and other security agencies for the past 20 years. Martin is likely to draw a nine-year prison sentence for this act.

Top Malware Reported in the Last 24 Hours

UNNAM3D R@NSOMWARE
New ransomware named UNNAM3D R@NSOMWARE has been found demanding a $50 Amazon gift card code from victims, instead of cryptocurrency, as ransom. The ransomware is distributed via email. Once installed, it moves the victims' files into password-protected RAR archives and demands the ransom.

Soula Watering Hole attack
Four South Korean websites have been found to be used by cybercriminals to steal users' credentials in a new 'Soula' watering hole attack. The websites were compromised with malicious JavaScript code that can enable the attackers to exploit browsers and grab financial information. A Chinese APT group is believed to be behind the attack.

Malicious Christchurch shooter manifesto
A modified version of the Christchurch shooter manifesto that is used to deliver malware onto victims' machines has been discovered recently. The downloaded executable is called Haka.exe. It can overwrite the master boot record on Windows systems.

Trickbot trojan's latest attack
Researchers have found a new phishing campaign that distributes the infamous Trickbot trojan. The malware arrives in the form of malicious VBScript embedded within a Word document. The VBScript is encoded using base64. Once executed, the trojan creates a duplicate of itself and disables Windows Defender.
 
Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Intel's VISA
Researchers have discovered that the unknown and undocumented Intel Visualization of Internal Signals Architecture (VISA) debugging feature could be abused to manipulate the data passing through the CPU. This can be done by exploiting vulnerabilities detailed in Intel’s Intel-SA-00086 security advisory.

Magento releases security updates
Magento has released a series of security updates to fix a wide range of vulnerabilities, including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. The issues affect sites using both the Open Source and Commercial versions of the software. Versions prior to 2.1.17, 2.2.8, and 2.3.1 are affected by the vulnerabilities.

20 flaws fixed in Cryptocurrency platforms
Seven cryptocurrency platforms have fixed 20 vulnerabilities in the last 2 weeks. The affected platforms are Omise, Monero, Stellar, Crypto.com, ICON, Robinhood, and Augur. Among them, Omise had reported a total of eight security flaws.

Top Scams Reported in the Last 24 Hours

Robocall scams are on the rise
Chinese Embassy robocall scams cost US citizens over $40 million last year. The Federal Bureau of Investigation revealed that around 35% of the victims are from California and New York. The scam works by impersonating the Chinese government. People who pick up these calls are told in Mandarin to pick up an important package from the consulate.

Office Depot tricked consumers
Office Depot and software firm Support[.]com have been found guilty of tricking their consumers into buying redundant computer repair services. Following this, the firm has been asked to pay $35 million as a settlement. The companies used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services.




