Cyware Daily Threat Intelligence, May 14, 2019


A fraud prevention company has named the three major antivirus companies breached by the ‘Fxmsp’ hacking group: conversations between Fxmsp members confirm the victims as Symantec, Trend Micro, and McAfee. Meanwhile, an unprotected Elasticsearch server has exposed the personal records of almost 85% of Panama’s citizens.

A North Korean cyber-espionage group has developed a new strain of malware that is designed to harvest information from Bluetooth devices connected to Windows systems. This malware collects data such as the name of Bluetooth-connected devices, device class, device address, and more.

Researchers have uncovered a flaw in the Cisco Trust Anchor module (TAm), dubbed ‘Thrangrycat’, that lets an attacker who already has root on a device tamper with the module’s FPGA bitstream and bypass secure boot; chained with a separate command-injection bug in the Cisco IOS XE web UI that yields root, it gives remote code execution with a persistent secure-boot bypass. Meanwhile, WhatsApp has patched a critical buffer overflow vulnerability that allowed attackers to install spyware on a phone via a WhatsApp call.

Top Breaches Reported in the Last 24 Hours

An unprotected server exposes Panama citizens’ personal records
An unprotected Elasticsearch server exposed 3,427,396 records containing personal and patient data for nearly 85% of Panama’s citizens. The exposed records include names, home addresses, phone numbers, email addresses, national ID numbers, dates of birth, and medical insurance numbers. Elasticsearch ships with no authentication unless its security features are enabled, so an instance bound to a public interface answers any query sent to it.

Names of the three antivirus companies revealed
A fraud prevention company has disclosed the names of the three antivirus companies breached by the ‘Fxmsp’ hacking group: Trend Micro, McAfee, and Symantec. Chat logs between Fxmsp group members confirm the victims.

Oregon State Hospital data breach
Attackers targeted Oregon State Hospital with a spear-phishing attack and gained access to an employee’s email account. The compromised account contained patients’ Protected Health Information (PHI), including names, dates of birth, medical record numbers, diagnoses, treatment care plans, and other medical information from the psychiatric hospital.


Top Malware Reported in the Last 24 Hours

New malware that harvests Bluetooth data
A North Korean cyber-espionage group has developed a new strain of malware designed to harvest information about Bluetooth devices connected to Windows systems. The malware uses the Windows Bluetooth APIs to enumerate the devices the victim machine knows about and, for each one, records the device name, device class, device address, and whether the device is currently connected, authenticated, or remembered.
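The brief names only “Windows Bluetooth APIs”. The documented Win32 API that returns exactly the fields listed above is BluetoothFindFirstDevice/BluetoothFindNextDevice in bthprops.cpl, which fills a BLUETOOTH_DEVICE_INFO structure with the name, class of device, address and the connected/authenticated/remembered flags. The following PowerShell script, an added example that is not code from the Cyware brief or from the malware, calls that API through P/Invoke so a defender can see what such a harvester obtains; the assumption that the malware uses this particular API family is this example’s own, and the function name Get-BtDeviceInventory is invented here.

```powershell
# Added example, not code from the Cyware brief or from the malware it describes.
# Enumerates the Bluetooth devices Windows already knows about via the Win32 API in
# bthprops.cpl. Windows only: run in Windows PowerShell 5.1 or PowerShell 7 on a host
# with a Bluetooth radio.

$btApi = @"
using System;
using System.Runtime.InteropServices;

public static class BtApi
{
    [StructLayout(LayoutKind.Sequential)]
    public struct SystemTime
    {
        public ushort Year, Month, DayOfWeek, Day, Hour, Minute, Second, Milliseconds;
    }

    // BLUETOOTH_DEVICE_SEARCH_PARAMS
    [StructLayout(LayoutKind.Sequential)]
    public struct SearchParams
    {
        public uint   dwSize;
        public int    fReturnAuthenticated;
        public int    fReturnRemembered;
        public int    fReturnUnknown;
        public int    fReturnConnected;
        public int    fIssueInquiry;
        public byte   cTimeoutMultiplier;
        public IntPtr hRadio;
    }

    // BLUETOOTH_DEVICE_INFO (dwSize is 560 on both x86 and x64)
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct DeviceInfo
    {
        public uint       dwSize;
        public ulong      Address;          // BLUETOOTH_ADDRESS: 48-bit address in the low bytes
        public uint       ulClassofDevice;
        public int        fConnected;
        public int        fRemembered;
        public int        fAuthenticated;
        public SystemTime stLastSeen;
        public SystemTime stLastUsed;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 248)]   // BLUETOOTH_MAX_NAME_SIZE
        public string     szName;
    }

    [DllImport("bthprops.cpl", SetLastError = true)]
    public static extern IntPtr BluetoothFindFirstDevice(ref SearchParams p, ref DeviceInfo info);
    [DllImport("bthprops.cpl", SetLastError = true)]
    public static extern bool BluetoothFindNextDevice(IntPtr hFind, ref DeviceInfo info);
    [DllImport("bthprops.cpl", SetLastError = true)]
    public static extern bool BluetoothFindDeviceClose(IntPtr hFind);
}
"@
Add-Type -TypeDefinition $btApi

function Get-BtDeviceInventory {
    $p = New-Object BtApi+SearchParams
    $p.dwSize = [System.Runtime.InteropServices.Marshal]::SizeOf([type][BtApi+SearchParams])
    $p.fReturnAuthenticated = 1
    $p.fReturnRemembered    = 1
    $p.fReturnUnknown       = 1
    $p.fReturnConnected     = 1
    $p.fIssueInquiry        = 0              # read what the OS knows; do not start a discovery scan
    $p.hRadio               = [IntPtr]::Zero # all local radios

    $d = New-Object BtApi+DeviceInfo
    $d.dwSize = [System.Runtime.InteropServices.Marshal]::SizeOf([type][BtApi+DeviceInfo])

    $h = [BtApi]::BluetoothFindFirstDevice([ref]$p, [ref]$d)
    if ($h -eq [IntPtr]::Zero) { return }    # no radio or no known devices
    try {
        do {
            # The same six properties the brief says the malware harvests
            [PSCustomObject]@{
                Name          = $d.szName
                Address       = ('{0:X12}' -f $d.Address) -replace '(..)(?!$)', '$1:'
                ClassOfDevice = '0x{0:X6}' -f $d.ulClassofDevice
                Connected     = [bool]$d.fConnected
                Authenticated = [bool]$d.fAuthenticated
                Remembered    = [bool]$d.fRemembered
            }
        } while ([BtApi]::BluetoothFindNextDevice($h, [ref]$d))
    } finally {
        [void][BtApi]::BluetoothFindDeviceClose($h)
    }
}

Get-BtDeviceInventory | Format-Table -AutoSize
```

With fIssueInquiry left at 0 the call only reads the pairing database, so it is silent on the radio; a harvester that sets it to 1 triggers a live inquiry that a nearby sniffer can observe. For hunting, the import of BluetoothFindFirstDevice from bthprops.cpl in a binary that also carries network or file-staging functionality is the thing to look for.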

MegaCortex ransomware shares similarities with Lockergoga
Researchers have found similarities between the MegaCortex and LockerGoga ransomware families. Both rename the files they plan to encrypt before encrypting them, at least one command-and-control (C&C) server used by MegaCortex has also been used by LockerGoga, and both sets of operators use a compromised domain controller to push the ransomware out to machines across the target network.


Top Vulnerabilities Reported in the Last 24 Hours

Thrangrycat bug
Researchers have uncovered a flaw, dubbed ‘Thrangrycat’ (CVE-2019-1649), in the Cisco Trust Anchor module (TAm), the hardware root of trust that verifies the boot chain on many Cisco devices. An attacker who already has root on the device can rewrite the FPGA bitstream that implements the TAm and permanently disable secure boot, so an implant survives reboots and firmware reinstallation. To obtain that root foothold remotely, the researchers chained it with a separate command-injection vulnerability in the web UI of Cisco IOS XE software with the HTTP Server feature enabled (CVE-2019-1862), which lets a user with valid (for example stolen) credentials execute commands on the underlying Linux shell as root.

Multiple vulnerabilities found on cloud services configurations
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that organizations that used third-party service providers to migrate to Office 365 are frequently left with insecure configurations. The misconfigurations it lists are mailbox auditing disabled, the unified audit log disabled, multi-factor authentication not enabled on administrator accounts, and password synchronization enabled in a way that lets an on-premises account that also holds a cloud administrator role be abused by an attacker who compromises the on-premises identity.
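The four settings above can all be read from the tenant with PowerShell. The script below is an added example, not part of the CISA report or the Cyware brief; it assumes the ExchangeOnlineManagement and MSOnline modules and an account with tenant administrator rights, and the role-name filter, the list variable and the finding strings are this example’s own choices.

```powershell
# Added example, not from the CISA report or the Cyware brief. Audits an Office 365 tenant
# for the four misconfigurations listed above. Assumes the ExchangeOnlineManagement and
# MSOnline modules and an account with tenant administrator rights.

Connect-ExchangeOnline   # interactive sign-in to Exchange Online
Connect-MsolService      # interactive sign-in to Azure AD (MSOnline module)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Mailbox auditing: the org-wide switch plus the per-mailbox flag
if ((Get-OrganizationConfig).AuditDisabled) {
    $findings.Add('Mailbox auditing disabled org-wide: Set-OrganizationConfig -AuditDisabled $false')
}
$unaudited = Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled }
foreach ($m in $unaudited) {
    $findings.Add("Mailbox auditing disabled on $($m.UserPrincipalName): Set-Mailbox $($m.UserPrincipalName) -AuditEnabled `$true")
}

# 2. Unified audit log (what Search-UnifiedAuditLog reads from)
if (-not (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled) {
    $findings.Add('Unified audit log disabled: Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true')
}

# 3 and 4. Members of administrator roles: require MFA, and flag identities synced from
#          on-premises AD while password sync is on (the on-prem account then opens the
#          cloud admin role to whoever compromises it)
$passwordSync = (Get-MsolCompanyInformation).PasswordSynchronizationEnabled
$adminRoles   = Get-MsolRole | Where-Object { $_.Name -like '*Administrator*' }   # example's own filter
$admins       = foreach ($role in $adminRoles) {
    Get-MsolRoleMember -RoleObjectId $role.ObjectId -MemberObjectTypes User -All
}
foreach ($admin in ($admins | Sort-Object EmailAddress -Unique)) {
    $u        = Get-MsolUser -UserPrincipalName $admin.EmailAddress
    $mfaState = ($u.StrongAuthenticationRequirements | Select-Object -First 1).State
    if ($mfaState -ne 'Enforced') {
        $findings.Add("No enforced per-user MFA on admin $($u.UserPrincipalName) (state: '$mfaState')")
    }
    if ($passwordSync -and $u.ImmutableId) {   # ImmutableId is set only on directory-synced objects
        $findings.Add("Admin $($u.UserPrincipalName) is synced from on-premises AD while password sync is enabled")
    }
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

StrongAuthenticationRequirements reflects only per-user MFA; a tenant that enforces MFA through Conditional Access or security defaults will show admins as unenforced here, so confirm those policies separately before treating that finding as real. The fix for the password-sync finding is to give administrators cloud-only accounts rather than to turn off synchronization for everyone.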

WhatsApp patches critical vulnerability
A critical buffer overflow vulnerability (CVE-2019-3568) was identified in WhatsApp’s voice-call (VoIP) stack. A specially crafted series of SRTCP packets sent to a target phone number during a call triggers the overflow and allows remote code execution, which was used to install spyware; the target did not need to answer the call. The bug has been patched in WhatsApp v2.19.134 (Android), v2.19.51 (iOS), v2.18.348 (Windows Phone), and v2.18.15 (Tizen), and in WhatsApp Business v2.19.44 (Android) and v2.19.51 (iOS).

 Tags

buffer overflow vulnerability
unprotected elasticsearch server
lockergoga ransomware
spear phishing attack
thrangrycat
megacortex ransomware

Posted on: May 14, 2019

