Cyware Daily Threat Intelligence, May 15, 2019

See All
Researchers have uncovered security flaws in Intel’s hardware that could allow attackers to siphon sensitive data from a computer’s CPU. Meanwhile, Adobe has issued security updates to fix vulnerabilities in Adobe Media Encoder, Adobe Acrobat, Adobe Reader, and Adobe Flash Player. Microsoft has also released security updates that fix almost 79 vulnerabilities.

Recently, a security researcher observed that attackers have compromised the Best of the Web Trust Seal script which was hosted on Amazon’s content delivery network (CDN) to deploy two key logging scripts. Meanwhile, attackers were found abusing the ASUS web storage system to perform Man-in-the-Middle (MitM) attacks and distribute the Plead malware.

Fast Retailing, the company behind the Uniqlo retail chain, revealed that attackers gained unauthorized access to Uniqlo online shopping site and stole the personal information of over 460,000 customers. In another instance, Boost Mobile suffered a data breach, wherein attackers compromised user accounts via users’ Boost phone numbers and Boost.com PIN codes.

Top Breaches Reported in the Last 24 Hours

Boost Mobile data breach
Boost Mobile suffered a data breach, wherein attackers compromised user accounts via users’ Boost phone numbers and Boost.com PIN codes that have been previously exposed. In response to the breach, Boost has provided the potentially affected customers with a temporary PIN that can be used to access their account. Boost Mobile confirmed that customers’ credit card information and social security numbers are encrypted and were not compromised.

Fast Retailing data breach
Fast Retailing, the Japanese company behind the Uniqlo retail chain, revealed that almost 460,000 customer data on its Uniqlo online shopping sites have been accessed by attackers. Compromised customer data includes names, addresses, and contact details. However, partial credit card data might also be involved in the breach.

Top Malware Reported in the Last 24 Hours

Plead malware distributed via MitM attacks
Attackers are abusing the ASUS web storage system to perform Man-in-the-Middle (MitM) attacks and distribute the Plead malware. Plead malware is a backdoor which is associated with the BlackTech group. This malware specializes in data theft through a combination of the Plead backdoor and Drigo exfiltration tool.

Banload banking malware
Banload is one of the most prolific Brazilian banking malware. Attackers behind this banking malware have implemented a new technique dubbed ‘FileDelete’ to remove security software belonging to antivirus programs. This driver component ‘FileDelete’ is digitally signed with a valid certificate and is installed via the group Golang loader, leveraging PowerShell, to the local directory “C:\G DATA Security Software.

Keyloggers deployed on Best of the Web Trust Seal
Best of the Web’s Trust Seal script which was hosted on Amazon’s content delivery network (CDN) has been compromised by attackers. The Trust Seal script was compromised to deploy two key logging scripts that are designed to sniff keystrokes from visitors. Security researcher Willem de Groot who uncovered the keylogging scripts noted that the scripts were encoded, however, he managed to decode them.

Top Vulnerabilities Reported in the Last 24 Hours

Intel flaw
Researchers have uncovered security flaws in Intel’s hardware that could allow attackers to siphon sensitive data from a computer’s CPU. The series of vulnerability and exploits are classified as MDS attacks (Microarchitectural Data Sampling attacks) which include RIDL (Rogue In-flight Data Load), ZombieLoad, and Fallout.

Siemens patches vulnerabilities in LOGO and Sinamics products
Siemens has issued a total of nine new advisories with four of them addressing vulnerabilities in LOGO and SINAMICS Perfect Harmony products. LOGO products were affected by three critical and high-severity flaws including arbitrary code execution flaw. Similarly, SINAMICS Perfect Harmony GH180 medium-voltage converters were impacted by two high-severity denial-of-service (DoS) vulnerabilities. All the vulnerabilities have been fixed in the latest security updates and therefore users are requested to update the latest versions.

Adobe has issued patches for critical vulnerabilities
Adobe has issued security updates to fix vulnerabilities in Adobe Media Encoder, Adobe Acrobat, Adobe Reader, and Adobe Flash Player. The security update for Adobe Acrobat and Reader fixes 84 vulnerabilities that could have led to information disclosure and arbitrary code execution attacks. It has also fixed one critical arbitrary code execution vulnerability in Adobe Flash Player and two critical vulnerabilities in Adobe Media Encoder.

Microsoft fixes 79 vulnerabilities
Microsoft has released 3 advisories and updates for 79 vulnerabilities, with 19 being classified as Critical. The vulnerabilities include Denial of Service, privilege escalation, memory corruption, information disclosure, security feature bypass, remote code execution, cross-site scripting (XSS), tampering, and spoofing.

Top Scams Reported in the Last 24 Hours

Chinese Embassy Scam
The FBI’s Internet Crime Complaint Center (IC3) has received complaints from hundreds of victims regarding the Chinese Embassy Scam. In this scam, victims received fraudulent messages purporting to either come from a Chinese embassy, Consulate or Chinese business claiming that their passports, Social Security numbers, or credit cards were found with a suspicious person or in a suspicious package overseas. The message asks the victims to speak to an investigator who then asks them to wire transfer funds to resolve the issue. Victims have reported a total loss of $40 million with an average loss of $164,000 for each individual.





  • Share this blog:
Previous
Cyware Daily Threat Intelligence, May 16, 2019
Next
Cyware Daily Threat Intelligence, May 14, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.