Go to listing page

Cyware Daily Threat Intelligence, May 04, 2020

Cyware Daily Threat Intelligence, May 04, 2020

Share Blog Post

Applying security patches in time offers better security against malware attacks. Lately, threat actors are actively scanning the internet for vulnerable WebLogic server and Salt software to launch attacks against companies. The RCE vulnerability affecting Oracle’s WebLogic server is one of many vulnerabilities that was patched in Oracle’s April 2020 Critical Patch Update. On the other hand, the vulnerabilities affecting Salt software have been exploited to hack nearly ten companies to date, including LineageOS and the Ghost blogging platform.

Meanwhile, a new variant of SLocker Android malware has been detected locking users out of their Android phones. The variant is disguised as ‘Koronavirus haqida’ app to trick users. The victims affected by the malware variant are asked to call a number in order to unlock their phones.

Top Breaches Reported in the Last 24 Hours

Attempt to steal coronavirus research
The UK’s National Cyber Security Center (NCSC) has warned of state-sponsored hackers’ attempt to hack the country’s universities and scientific facilities to steal the findings related to coronavirus research. It is believed that state-sponsored groups hail from Russia, Iran, and China.

Tokopedia breach
Asian e-commerce giant, Tokopedia, is investigating a major data breach after researchers revealed that 91 million of its user records were up for sale on the dark web. The records include emails, password hashes, names, and other crucial data of users. The complete database was being sold for a price of $5000.

Top Malware Reported in the Last 24 Hours

Android SLocker variant
A new variant of SLocker Android malware is masquerading as ‘Koronavirus haqida’ app that locks users out of their phones. Once installed, the app downloads a package named ‘com.lololo’ that locks the screen and displays a message to enter a code within 20 minutes to unlock it. The text asks the victims to contact on a given phone number to get the code.

Stealing data from air-gapped systems
In a recent study, a researcher demonstrated a new kind of malware that could be used to covertly steal highly-sensitive information from air-gapped and audio-gapped systems. This can be done by using a technique, called POWER-SUPPLaY, which leverages electromagnetic, acoustic, thermal, and optical covert channels in addition to power cables to exfiltrate data from non-networked computers.

Top Vulnerabilities Reported in the Last 24 Hours

Mass-scanning of Salt vulnerabilities
Hackers are mass-scanning the internet for vulnerable Salt software to hack organizations in a new campaign. The two vulnerabilities in question are CVE-2020-11651 and CVE-2020-11652. As many as ten companies have been hacked already by exploiting the vulnerabilities. Two of the victim companies are LineageOS and Ghost blogging platform. The blogging company, Ghost, stated that the hackers had exploited the flaws to install a cryptocurrency miner.

Exploitation Oracle WebLogic server continues
Oracle warned that threat actors have been spotted actively scanning the internet for recently patched multiple vulnerabilities, including a critical RCE flaw in WebLogic server to launch attacks. The critical flaw in Oracle WebLogic server, tracked as CVE-2020-2883, has been patched in Oracle’s April 2020 Critical Patch Update.

Demerits of linking biometric identifiers
A group of researchers shared a detailed study on how linking physical biometrics to users’ device identifiers can allow adversaries to gather explicit information about users. The exploit setup merely includes eavesdropping tools including hidden cameras, microphones, a WiFi, or an integrated solution like a WiFi spy microphone.


slocker android malware
power supplay
ghost blogging platform
oracle weblogic server

Posted on: May 04, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.