Cyware Daily Threat Intelligence, May 14, 2020


Potential vulnerabilities in devices and software can introduce numerous cybersecurity risks for organizations and individuals. In the past 24 hours, a new vulnerability called PrintDemon has been discovered that affects all versions of the Windows operating system released before 1996. Meanwhile, Siemens has disclosed that its 9410 and 9810 series of Power Meter are affected by the Urgent/11 vulnerability.

In the past 24 hours, there has been a major revelation about new malware samples used by the North Korean government-backed hacker group HIDDEN COBRA. The new malware strains are COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH.

Top Breaches Reported in the Last 24 Hours

Data put up for sale
Data belonging to nine million customers of the CDEC Express transportation services was put up for sale on the dark web for $950. The leaked data included information about the delivery and location of goods and information about buyers, including tax identification numbers. Meanwhile, CDEC claimed that there was no data breach in the company.

ARCHER’s login nodes exploited
One of Britain’s most powerful supercomputers, ARCHER, fell victim to a cyberattack that exploited its login nodes. This forced the admin to reset passwords and SSH keys of all users.

NSW attacked
The New South Wales Government confirmed that it was the target of a malicious phishing attack. The incident occurred on April 22, 2020 and affected the email accounts of 47 Service NSW staff members.

Grubman Shire Meiselas & Sacks hit
New York-based Grubman Shire Meiselas & Sacks confirmed that cybercriminals have stolen around 756 GB of private documents and correspondence belonging to celebrities from its network. The attackers have demanded $21 million in ransom to stop the release of those documents online.

WA’s subscribers’ data compromised
The personal details of The West Australian subscribers may have been compromised after Seven West Media was targeted by hackers. Reports say that the hackers gained unauthorized access to the company’s subscription administration mailbox by impersonating its administrator.

Magellan Healthcare attacked
Magellan Healthcare was hit by a ransomware attack that led to the theft of personal information from one of its corporate servers. The incident occurred on April 11 after an unauthorized actor gained access to Magellan’s systems through a phishing email sent on April 6.

Top Malware Reported in the Last 24 Hours

Three new malware samples
The US Cyber Command and CISA have released details about three new malware samples used by the North Korean government-backed hacker group HIDDEN COBRA. These new malware strains are COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. They are being used for phishing and for gaining remote access to computers.

New Ramsay malware
A newly discovered malware toolkit called Ramsay was found to be capable of collecting sensitive files from air-gapped systems. It lands on a victim’s computer via a malicious RTF file and scans removable drives and network shares for Word documents, PDF files, and ZIP archives. So far, three variants of the malware have been identified.

COVID-19 themed phishing
Microsoft has discovered a new COVID-19 themed phishing campaign that targets businesses with the LokiBot trojan. The campaign relies on COVID-19-laced malicious attachments to lure users.

Top Vulnerabilities Reported in the Last 24 Hours

PrintDemon vulnerability
The PrintDemon vulnerability was found to impact all Windows versions released before 1996. The flaw is located in the Windows Print Spooler and can be exploited to hijack Windows systems. Microsoft has issued a security patch to address the flaw.

Urgent/11 vulnerability
Siemens informed its customers that some of its low and high voltage power meters are affected by a set of vulnerabilities dubbed Urgent/11. The vulnerabilities affect 9410 and 9810 series devices running a firmware version prior to 2.1.1 and could allow an attacker to cause denial of service, extract data, or execute code remotely.

SAP fixes six issues
SAP has released fixes for around two dozen critical issues as part of its security patches for the month of May. Some of these flaws are remotely exploitable and require no user interaction. The most critical of them is CVE-2020-6262, which has a severity score of 9.9 on the CVSS scale.

Buggy Site Kit plugin
A privilege escalation vulnerability in the Site Kit plugin could allow attackers to gain access to the Google Search Console of a targeted site. The plugin is also affected by a flaw caused by the disclosure of the proxySetupURL within the HTML source code of admin pages.

Top Scams Reported in the Last 24 Hours

Fraud text message
A fake text message that appears to come from the Chartered Trading Standards Institute (CTSI) was found redirecting recipients to a phishing website designed to collect their personal information. The message is sent under the pretext of contact tracing for a person who contracted COVID-19.
Posted on: May 14, 2020