Cyware Daily Threat Intelligence, May 29, 2019


The newly disclosed BlueKeep vulnerability has become the talk of the town in the cybersecurity world. In a recent report published by a security researcher, it has been found that nearly one million Windows systems are vulnerable to this flaw. Tracked as CVE-2019-0708, BlueKeep is a remote code execution vulnerability that impacts Remote Desktop Protocol (RDP) services in older versions of the Windows OS such as XP, 7, Server 2003 and Server 2008. Microsoft has released security patches to address the issue and has described the flaw as ‘wormable’.

A major phishing scam was also reported in the past 24 hours. This scam leverages Microsoft’s Office 365 to trick users into revealing their login credentials. The scammers have been found sending phishing emails that appear to come from the ‘Office 365 Team’. The fraudulent email asks the recipients to review their accounts following unusual activity supposedly detected on them. It includes a link which, if clicked, redirects the recipients to a fake Microsoft login page.

Popular news and social network aggregator Flipboard has disclosed a data breach that resulted in the compromise of personal information of over 145 million users. The hack occurred between June 2, 2018, and March 23, 2019, and also on April 21 and 22, 2019. As a precautionary measure, the firm has used a technique called salted hashing to improve the security of users’ data.

Top Breaches Reported in the Last 24 Hours

‘Greene King’ gift card website hacked
Major UK pub chain Greene King suffered a major data breach after its gift card website was compromised by hackers. The breach was discovered on May 14, 2019 and has resulted in the compromise of names, email addresses, user IDs, encrypted passwords, addresses and postcodes of customers. The firm has informed the UK’s ICO and all impacted customers about the breach.

NZ treasury department hacked
New Zealand’s Treasury department has recently fallen victim to a hack. The incident came to light after the potential leak of budget information. The department has referred the matter to the police and, at the same time, has taken immediate steps to increase the security of all budget-related information.

Flipboard hacked
Flipboard has reset passwords of over 145 million users following a data breach that occurred between June 2, 2018, and March 23, 2019, and also on April 21 and 22, 2019. The compromised information includes some users’ account information such as names, Flipboard usernames, cryptographically protected passwords and email addresses. As a precautionary measure, the firm has used a technique called salted hashing to improve the security of users’ data.
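Salted hashing, as mentioned in the Flipboard items above, means each stored password is hashed together with a per-user random value, so two users with the same password produce different records and a leaked database cannot be attacked with one precomputed table. The following is an added example, not Flipboard’s own code; it assumes PBKDF2-HMAC-SHA256 with a 16-byte salt and an iteration count chosen here for illustration, since the digest does not state which algorithm or parameters Flipboard uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not stated in the digest).
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = f"pbkdf2_{HASH_NAME}"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.

    A fresh random salt is drawn from os.urandom for every call, so the same
    password never yields the same record twice.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iterations_s, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iterations_s)
    except ValueError:
        return False  # malformed record, never treat as a match
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a stored record uses weaker parameters than the current policy,
    so it can be re-hashed transparently at the user's next successful login."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    return int(parts[1]) < min_iterations


def salted_records_differ(password: str) -> bool:
    """Show that salting makes two records for the same password differ."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("wrong pw :", verify_password("wrong password", rec))
    print("salts differ:", salted_records_differ("same password"))
```

Storing the iteration count inside the record is what lets `needs_rehash` raise the work factor over time without a forced password reset for every user.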

Top Malware Reported in the Last 24 Hours

NGROK abused to spread Lokibot
Cybercriminals have been found abusing NGROK, a secure tunneling service hosted on Amazon AWS, to spread Lokibot onto victims’ systems. This particular campaign starts with recipients receiving an email written in Spanish pretending to come from a Spanish bank, BBVA Banco Continental. The email mentions a fake payment to trick the recipient into downloading an attachment named ‘Detalles de la transferencia de pago.xls’. Macros present in this document, once enabled, download Lokibot.

Emotet prevails in Q1 2019
Researchers from Proofpoint indicate that Emotet malware was the most prevalent email-based threat in the first three months of the year. The trojan accounted for 61% of all malicious payloads delivered via email. Over the past years, the operators have modified Emotet’s capabilities, expanding it from a banking trojan into a threat that delivers data-stealing payloads.

Sodinokibi ransomware ups the ante
Recent variants of Sodinokibi ransomware have been observed making steady moves to target large enterprises. The recent samples of the ransomware use an encryption process that creates multiple victim ID profiles, encrypted file extensions and corresponding Tor pages where victims receive payment instructions.

Canadian firms attacked
Nearly 100 cyber attacks were launched against Canadian firms between January 1, 2019, and May 1, 2019. Most of these attacks involved the use of phishing emails that contained dangerous links and attachments. These links and attachments carried a variety of malware to hijack victims’ systems or steal personal data.

Top Vulnerabilities Reported in the Last 24 Hours

Windows systems vulnerable to BlueKeep
New research has revealed that nearly one million Windows PCs are vulnerable to BlueKeep. The flaw is tracked as CVE-2019-0708 and impacts the Remote Desktop Protocol (RDP) services in older versions of the Windows OS such as XP, 7, Server 2003 and Server 2008. Microsoft has released patches while warning that the flaw is wormable. It was previously reported that around 7.6 million Windows systems were vulnerable to BlueKeep.

Vulnerable BlueCats and Eaton devices
A number of major security vulnerabilities have been discovered in smart products from power management company Eaton and IoT startup BlueCats. Affected devices include Eaton's HALO Home Smart Lighting System and BlueCats' AA Beacon, a Bluetooth-connected proximity sensor that can be used in tandem with other devices. The vulnerabilities have been disclosed to the respective companies and fixes have been issued.

Vulnerable DuckDuckGo Android browser
The open source DuckDuckGo Privacy Browser for Android version 5.26.0 is vulnerable to CVE-2019-12329. Termed an address bar spoofing vulnerability, it can allow a potential hacker to launch URL spoofing attacks. Unaware victims can be redirected to fake domains disguised as high-profile websites. This would allow the attackers to steal targets’ sensitive information.

Top Scams Reported in the Last 24 Hours

Phishing scam leverages Office 365
Scammers have been found leveraging Office 365 in a new phishing scam. The main aim of the scam is to steal users’ Microsoft login credentials. Scammers behind the campaign send emails that pretend to be from the ‘Office 365 Team’, warning recipients that an unusual number of file deletions has occurred on their accounts. The email asks the recipients to review the alerts by clicking on a link within it. Once users click on the link, they are redirected to a fake Microsoft account login page that prompts them to provide their username and password. The fake pages are hosted on Azure, which makes the URL appear Microsoft-sanctioned.
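The scam above combines three detectable traits: a display name that claims to be Microsoft while the sending domain is not, a "sign-in" link whose host is not one of Microsoft’s actual login endpoints (a page on Azure-hosted storage is still not a login endpoint), and urgency wording about unusual activity. The script below is an added example written for this digest, not code from Cyware or Microsoft; it scores a raw email on those traits. The sample message is constructed, the sender domain `o365-notify.example` and the storage host `example-tenant.blob.core.windows.net` are placeholders, and the allowlists of trusted hosts and lure phrases are assumptions to be tuned per organisation.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlists for this example; adjust to your environment.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
TRUSTED_SENDER_DOMAINS = {"microsoft.com", "microsoftonline.com"}
LURE_PHRASES = ("unusual", "file deletions", "review the alerts", "verify your account")


class _LinkExtractor(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.links.append(value)


def analyze_message(raw: str) -> dict:
    """Return sender domain, extracted links, findings and a suspicious verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    display_name, addr = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    # Trait 1: brand claimed in the display name, but sent from elsewhere.
    claims_microsoft = any(w in display_name.lower() for w in ("office 365", "microsoft"))
    if claims_microsoft and sender_domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"display name '{display_name}' but sender domain '{sender_domain}'")

    # Trait 2: any link whose host is not a known Microsoft login endpoint.
    part = msg.get_body(preferencelist=("html", "plain"))
    text = part.get_content() if part is not None else ""
    extractor = _LinkExtractor()
    extractor.feed(text)
    for href in extractor.links:
        host = (urlparse(href).hostname or "").lower()
        if host and host not in TRUSTED_LOGIN_HOSTS:
            findings.append(f"link points to untrusted host '{host}'")

    # Trait 3: urgency / lure wording.
    hits = [ph for ph in LURE_PHRASES if ph in text.lower()]
    if hits:
        findings.append("lure phrases: " + ", ".join(hits))

    return {
        "sender_domain": sender_domain,
        "links": extractor.links,
        "findings": findings,
        "suspicious": len(findings) >= 2,  # two independent traits => flag
    }


# Constructed sample modelled on the campaign described above (placeholder hosts).
PHISH_SAMPLE = """\
From: "Office 365 Team" <alerts@o365-notify.example>
To: user@victim.example
Subject: Unusual file deletion activity on your account
Content-Type: text/html; charset="utf-8"

<p>We detected an unusual amount of file deletions on your account.</p>
<p><a href="https://example-tenant.blob.core.windows.net/alerts/index.html">Review the alerts</a></p>
"""

# Constructed benign sample: genuine-looking sender and a real login host.
BENIGN_SAMPLE = """\
From: "Microsoft 365" <noreply@microsoft.com>
To: user@victim.example
Subject: Your monthly usage summary is ready
Content-Type: text/html; charset="utf-8"

<p>Your monthly usage summary is ready.</p>
<p><a href="https://login.microsoftonline.com/">Sign in</a> to view it.</p>
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = analyze_message(sample)
        print(label, result["suspicious"], *result["findings"], sep="\n  ")
```

Requiring two independent traits before flagging keeps a single legitimate "please review" notification from tripping the rule, while the link-host check catches the Azure-hosted page regardless of how Microsoft-like its URL looks.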


Posted on: May 29, 2019
