Cyware Daily Threat Intelligence, November 04, 2019

Cybercriminals are always on the lookout for new attack vectors and exploits to infiltrate their targets. Now, researchers have discovered the first attack campaign leveraging a BlueKeep exploit to plant cryptocurrency miners on target systems. Over 750,000 unpatched Windows systems globally are vulnerable to this exploit.

Over the weekend, a couple of high-profile BEC scams also made major headlines. The Japanese media giant Nikkei and the City of Ocala, Florida, the two victims of these scams, collectively lost millions of dollars to the fraudsters.

Meanwhile, Google has patched a major flaw in the Android OS that could allow attackers to plant malware in nearby devices using NFC beaming.

Top Breaches Reported in the Last 24 Hours

Adult sites expose data
An unsecured database exposed information on millions of users of several adult sites run by the Barcelona-based VTS Media. The exposed details included usernames, user activity logs, and in some cases IP addresses. Researchers from the cybersecurity firm Condition:Black discovered the exposed database and notified the company, after which it was secured.

Another Click2Gov breach
The U.S. Virgin Islands Water and Power Authority (WAPA) disclosed a data breach from its use of Click2Gov, a third-party software used by many government agencies. The breach resulted in the exposure of payment card details and even fraudulent transactions for some of the residents. This adds to the growing number of Click2Gov breaches in the last two years.

Nikkei defrauded
The Japanese media conglomerate Nikkei suffered a business email compromise scam, wherein an amount of $29 million was transferred to the fraudsters’ bank accounts. The cybercriminals requested wire transfers from an employee using fraudulent information by posing as a Nikkei executive.

Top Malware Reported in the Last 24 Hours

BlueKeep exploit in the wild
For the first time, researchers have discovered an attack campaign exploiting the BlueKeep flaw that was disclosed in May 2019. The flaw affects 32-bit and 64-bit versions of Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. This exploit is used to plant a Monero cryptocurrency miner on the target system. Over 750,000 unpatched Windows systems globally are vulnerable to this exploit.

Ryuk variant targets LAN hosts
Researchers from CrowdStrike analyzed a new Ryuk ransomware variant distributed by the Russia-based WIZARD SPIDER threat group. The new variant can identify LAN hosts using ARP ping scanning and wake LAN hosts that are in a standby power state by sending them a Wake-on-LAN (WoL) magic packet.
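A defender reading the above will want to know what a Wake-on-LAN magic packet looks like on the wire so it can be hunted for in captures. The following Python is an added example for this digest; it is not code from the original page or from CrowdStrike's report. It implements the standard magic-packet layout (six 0xFF sync bytes, then the target MAC repeated sixteen times, optionally followed by a 4- or 6-byte SecureOn password) and flags magic packets whose sender is not on an assumed allow-list of management hosts. The sample datagrams, the IP addresses and the allow-list are constructed for illustration.

```python
"""Detect Wake-on-LAN (WoL) magic packets in captured UDP traffic.

Added example (not from the digest or CrowdStrike). A magic packet is six
0xFF bytes (the sync stream) followed by the target MAC repeated 16 times,
102 bytes in total, optionally followed by a 4- or 6-byte SecureOn password.
It is normally broadcast to UDP port 9 (sometimes 7), but any port works, so
the payload structure rather than the port is the reliable signal. A magic
packet sent by an ordinary workstation instead of a known management host is
a useful hunting lead for lateral-movement tooling.
"""
from typing import List, NamedTuple, Optional, Tuple

SYNC_STREAM = b"\xff" * 6
MAC_LEN = 6
MAC_REPEATS = 16
MAGIC_LEN = len(SYNC_STREAM) + MAC_LEN * MAC_REPEATS  # 102 bytes
VALID_PASSWORD_LENGTHS = (0, 4, 6)  # no password, or a SecureOn password


class UdpDatagram(NamedTuple):
    """Minimal view of a captured UDP datagram (constructed for this example)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


def parse_magic_packet(payload: bytes) -> Optional[str]:
    """Return the target MAC ("aa:bb:cc:dd:ee:ff") if payload is a well-formed
    WoL magic packet, otherwise None."""
    if not payload.startswith(SYNC_STREAM):
        return None
    # Anything after the 102-byte body must be an empty or SecureOn password.
    if len(payload) - MAGIC_LEN not in VALID_PASSWORD_LENGTHS:
        return None
    mac = payload[len(SYNC_STREAM):len(SYNC_STREAM) + MAC_LEN]
    if payload[len(SYNC_STREAM):MAGIC_LEN] != mac * MAC_REPEATS:
        return None  # sync stream present but MAC not repeated 16 times
    return ":".join(f"{b:02x}" for b in mac)


def find_wol_senders(datagrams: List[UdpDatagram],
                     known_wakers=frozenset()) -> List[Tuple[str, str]]:
    """Return (src_ip, target_mac) for every magic packet whose sender is not
    an approved management host (known_wakers is an assumed allow-list)."""
    hits = []
    for d in datagrams:
        mac = parse_magic_packet(d.payload)
        if mac is not None and d.src_ip not in known_wakers:
            hits.append((d.src_ip, mac))
    return hits


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Build a magic packet; used here only to construct sample traffic."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return SYNC_STREAM + raw * MAC_REPEATS + password


# Constructed sample capture, not real traffic.
KNOWN_WAKERS = frozenset({"10.0.0.5"})  # assumed admin host allowed to send WoL
SAMPLE_DATAGRAMS = [
    UdpDatagram("10.0.0.5", "10.0.0.255", 9, build_magic_packet("00:11:22:33:44:55")),
    UdpDatagram("10.0.0.42", "255.255.255.255", 9, build_magic_packet("00:11:22:33:44:66")),
    UdpDatagram("10.0.0.42", "255.255.255.255", 7,
                build_magic_packet("00:11:22:33:44:77", b"\x01\x02\x03\x04")),
    # Starts like a magic packet but the MAC is not repeated: not WoL.
    UdpDatagram("10.0.0.9", "10.0.0.255", 9, SYNC_STREAM + bytes(range(96))),
    # Ordinary small UDP payload.
    UdpDatagram("10.0.0.9", "10.0.0.1", 53, b"\x12\x34\x01\x00"),
]

if __name__ == "__main__":
    for src, mac in find_wol_senders(SAMPLE_DATAGRAMS, KNOWN_WAKERS):
        print(f"unexpected Wake-on-LAN from {src} targeting {mac}")
```

Run as-is it reports the two magic packets from 10.0.0.42, the host not on the allow-list. Feeding it real data means extracting UDP payloads from a capture with a pcap library; the parser itself is independent of port and destination address because attackers are not obliged to use port 9.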

Top Vulnerabilities Reported in the Last 24 Hours

Android NFC bug
Smartphones running Android 8.0 (Oreo) or above are impacted by a vulnerability, tracked as CVE-2019-2114, that allows hackers to discreetly infect nearby devices with malware using NFC beaming. Google has fixed the flaw in its October 2019 update for Android.

Malicious XLM macros in SYLK files
Researchers have discovered that attackers can embed XLM macros within symbolic link (SYLK) files to spread malicious code. Even with the Microsoft Office for Mac option "Disable all macros without notification" enabled, XLM macros embedded in SYLK files are still executed without any prompt. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Top Scams Reported in the Last 24 Hours

BEC scam on City of Ocala
The City of Ocala in Florida was hit by a business email compromise (BEC) scam in which $742,000 was redirected to fraudster-controlled bank accounts. The criminals impersonated a legitimate construction firm working with the city and asked a city employee to process the firm's invoice, supplying fake details for the payment.

