Cyware Daily Threat Intelligence, May 20, 2020


The perks of Bluetooth technology come with several security risks, and one such threat has been identified recently. Researchers have uncovered that smartphones, laptops, and other IoT devices are vulnerable to Bluetooth Impersonation AttackS (BIAS). The flaw affects a wide range of chips from Intel, Qualcomm, and Samsung.

Apart from the above, a series of five unpatched vulnerabilities has been identified in Microsoft Windows. The flaws stem from the user-mode printer driver host process splwow64.exe and can allow attackers to escalate privileges on affected systems.

Top Breaches Reported in the Last 24 Hours

Natura exposes data
Last month, Brazil’s biggest cosmetic brand Natura inadvertently exposed more than 192 million records due to an unprotected AWS bucket. The exposed information consisted of personal data, including account login cookies of 250,000 customers. The leak also included Moip payment account details and access tokens for nearly 40,000 wirecard.com.br users.

REvil operators to auction documents
After claiming to have found buyers for stolen documents related to the U.S. President, REvil ransomware operators are now preparing to auction sensitive data of international celebrity Madonna. All these documents were allegedly stolen from Grubman Shire Meiselas & Sacks.

Microsoft discloses a breach
Microsoft had to warn a subset of Office 365 administrators about a data leak that exposed its internal search results to outsiders. The issue arose due to a bug in the application and was immediately resolved by the organization. However, the number of impacted accounts remains unknown.

Top Malware Reported in the Last 24 Hours

NetSupport Manager RAT
An ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager Remote Administration Tool (RAT) is letting attackers compromise victims’ computers. The attack campaign starts with a phishing email that pretends to be from the Johns Hopkins Center and claims to be an update on the number of Coronavirus-related deaths in the US.

Top Vulnerabilities Reported in the Last 24 Hours

Five unpatched flaws
Five unpatched vulnerabilities found in Microsoft Windows can allow an attacker to escalate privileges on affected systems. These flaws have received a CVSS score of 7.0. Three of these are zero-day vulnerabilities and are tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915.

BIAS vulnerability
A new vulnerability, dubbed Bluetooth Impersonation AttackS (BIAS), has been found impacting a wide range of chips from Intel, Qualcomm, and Samsung. Threat actors can abuse the flaw to send and request data between smartphones, laptops, and IoT devices without the knowledge of users. The flaw works against any device that uses the Bluetooth Classic protocol.

Adobe releases a patch
Adobe has issued an out-of-band patch to fix a remote code execution flaw in its Character Animator. The flaw is tracked as CVE-2020-9586 and has a score of 7.8 on the CVSS scale. 

Flawed contact-tracing app
Seven security flaws have been flagged in the UK’s COVID-19 contact-tracing app. The flaws can expose the details of people to others. Moreover, researchers noted the data collected is stored in an unencrypted format in the app.

Top Scams Reported in the Last 24 Hours

Scattered Canary scammer group
The Scattered Canary group is targeting U.S. unemployment systems and COVID-19 relief funds provided under the CARES Act to steal funds in the name of U.S. citizens. They are using stolen social security numbers and other personal details of users to create fake accounts on websites that process CARES Act payments. Moreover, they are abusing a feature in Gmail to create different variations of fraudulent claims with the same email address.


Posted on: May 20, 2020
