Cyware Daily Threat Intelligence, May 27, 2020

Share Blog post

A new variant of the dangerous StrandHogg vulnerability has come to light in the past 24 hours. Dubbed as StrandHogg 2.0, the flaw could allow malicious actors to access almost all apps on a targeted device. It affects all smartphones running versions prior to Android 9.

Two new malware - DEFENSOR ID and Ketrum - were also uncovered by security researchers. While DEFENSOR ID is an Android malware that allows attackers to steal funds from a victim’s cryptocurrency wallet or online bank account, Ketrum includes backdoor capabilities.

Amid all these new cyber threats, the past 24 hours also witnessed security experts crackdown on DoubleGuns trojan’s malicious operations in China. The trojan had infected hundreds of thousands of computers.

Top Breaches Reported in the Last 24 Hours

LiveJournal credentials leaked
A database containing credentials of over 26 million LiveJournal users was available for sale on several hacking forums. The database was supposedly accessed in 2014 during a cyberattack on the blogging platform. Days after being made available on the dark web, the database was circulated for free on Telegram channels and other file-sharing portals.

Details stolen from BCR published
Maze ransomware operators have published a batch of credit card details stolen from the Bank of Costa Rica (BCR). The bank was infiltrated in August 2019, following which the hackers claimed to have stolen internal data including 11 million credit card credentials.

Buggy app exposes data
A security flaw in Qatar’s contact tracing app had exposed sensitive information of more than one million users. The compromised information included names, health status, and GPS coordinates of users. The glitch was fixed by the firm after being flagged by researchers.

EduCBA discloses a breach
The online education portal, EduCBA, has urged its customers to reset passwords following a data breach. The incident occurred due to unauthorized third-party access, resulting in the compromise of email addresses, names, and passwords of users.

Arbonne data breach
A data breach at Arbonne International, last month, had resulted in the compromise of personal information of 3,527 California residents. The firm is still investigating the matter and has informed the law enforcement agencies.

Truecaller records on sale
A cybercriminal is offering records of 47.5 million Indian users for a price of $1000. The data on sale includes phone numbers, gender, city, mobile network, and Facebook ID, among others. Meanwhile, Truecaller has refuted the breach by saying that all user information is secure.

Top Malware Reported in the Last 24 Hours

DoubleGuns’ operations disrupted
Researchers from Qihoo 360 teamed up with Chinese tech giant Baidu to disrupt the operations of DoubleGuns trojan. The malware had infected thousands of Chinese users. Its primary purpose was to infect users with MBR and VBR bootkits, install various malicious drivers, and steal credentials from apps.

DEFENSOR ID malware
Security researchers have uncovered a new Android malware strain called DEFENSOR ID that is distributed via an app with the same name. It gives attackers the ability to steal funds from a victim’s cryptocurrency wallet or banking account. Moreover, the trojan can also take over a victim’s email or social media accounts.

New Ketrum malware
Ketrum is a newly discovered malware that borrows its source code from Ketrican and Okrum backdoors. The malware is a creation of the Ke3chang hacking group and includes keylogging and backdoor capabilities.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed IoT devices
Systemic design flaws discovered in internet-connected doorbells and security cameras from different manufacturers can allow attackers to secretly invade private audio and video recordings. The flaws affect a series of products manufactured by Ring, Nest, SimpliSafe, D-Link, Blink, Momentum, and TP-Link.

New details about ThunderSpy
According to a new report, macOS devices are partially affected by the recently found ThunderSpy vulnerability that could lead to evil maid attacks. The flaw impacts all Thunderbolt-equipped PCs manufactured before 2019.

StrandHogg 2.0
Devices running versions prior to Android 9.0 are vulnerable to a newly found StrandHogg 2.0 flaw. Tracked as CVE-2020-0096, the flaw can allow attackers to gain access to almost all apps installed on target devices. The vulnerability resides in the Android’s multitasking system that keeps tabs on every recently opened app.

 Tags

educba
thunderspy flaw
doubleguns trojan
strandhogg 20
defensor id

Posted on: May 27, 2020

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!