
Cyware Daily Threat Intelligence, May 28, 2020


A team of academics has found that USB drives can pose a serious threat to organizations. They have discovered 26 new vulnerabilities in the USB driver stacks employed by operating systems such as Linux, macOS, Windows, and FreeBSD.

Turning to other threats, two new ransomware families, [F]Unicorn and PonyFinal, have also emerged in the last 24 hours. While [F]Unicorn spreads via a legitimate-looking fake COVID-19 contact tracing app, PonyFinal propagates by brute-forcing weak passwords.

Top Breaches Reported in the Last 24 Hours

1.3 million users’ data breached
The data of up to 1.3 million civil servants has reportedly been breached after unknown hackers infiltrated the Indonesian Education and Culture Ministry. The compromised data includes full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, and birth dates of the affected individuals.

Michigan State University attacked
The operators of the NetWalker ransomware claim to have hacked the network of Michigan State University. To support their claims, they have published five images related to the stolen files on their site: two images showing a directory structure allegedly from the university's network, a passport scan belonging to a student, and two scans of Michigan State financial documents.

Tellus app leaks data
An unsecured Amazon S3 bucket leaked thousands of user records and private messages belonging to the Tellus app. The bucket in question contained a folder with 6,729 CSV files related to the app. The bucket was secured after researchers notified the company.

Top Malware Reported in the Last 24 Hours

Grandoreiro trojan updated
An updated version of the Grandoreiro trojan has been found targeting banking users in Portugal. The new variant, which is distributed via a malspam campaign, includes communication modules similar to those of the Latenbot botnet.

[F]Unicorn ransomware
Researchers have detected a new ransomware strain called [F]Unicorn that targets Italian users by masquerading as an official COVID-19 contact tracing app. Once installed, the app runs the ransomware in the background while showing the user a fake COVID-19 dashboard. After encrypting data, [F]Unicorn displays a ransom note demanding 300 euros in exchange for the decryption key.

Valak malware evolves
Recent versions of the Valak malware have been found targeting Microsoft Exchange servers in a large-scale cyberespionage campaign. The primary goal of these versions is to steal the targeted enterprises' email data and passwords, along with their certificates. The campaign specifically targets enterprises in the US and Germany.

PonyFinal ransomware
Microsoft has issued an advisory about a newly discovered ransomware, PonyFinal, that has spread across India, Iran, and the US. The ransomware, which is written in Java, gains access by brute-forcing weak passwords on a company's systems management server. It appends the '.enc' extension to each encrypted file.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches over 50 flaws
Apple has addressed more than fifty flaws affecting macOS and Safari. Eighteen of these vulnerabilities are specific to macOS Catalina, but many of the others also affect macOS High Sierra and macOS Mojave. All of these flaws have been fixed with the release of macOS Catalina 10.15.5, Security Update 2020-003 for Mojave, and Security Update 2020-003 for High Sierra. Separately, 10 vulnerabilities affecting Safari have been addressed in the new version 13.1.1.

26 USB bugs
Academics have discovered 26 new vulnerabilities in the USB driver stacks employed by operating systems such as Linux, macOS, Windows, and FreeBSD. Eighteen of these flaws affect Linux, eleven of which have already been patched.

Top Scams Reported in the Last 24 Hours

Google sites impersonated
According to a new report, threat actors impersonated various Google products to launch 65,000 cyberattacks in the first four months of 2020. The purpose of these attacks was to steal users' login credentials. Most of them abused Google file sharing and storage services such as Google Docs, Google Drive, and Google Cloud Storage.

Posted on: May 28, 2020
