Cybercriminals are always on the lookout for new attack vectors and exploits to infiltrate their targets. Now, researchers have discovered the first attack campaign leveraging a BlueKeep exploit to plant cryptocurrency miners on target systems. Over 750,000 unpatched Windows systems globally are vulnerable to this exploit.
Over the weekend, a couple of high-profile BEC scams also made major headlines. The Japanese media giant Nikkei and the City of Ocala, Florida, the two victims of these scams, collectively lost millions of dollars to the fraudsters.
Meanwhile, Google has patched a major flaw in the Android OS that could allow attackers to plant malware in nearby devices using NFC beaming.
Top Breaches Reported in the Last 24 Hours
Adult sites expose data
An unsecured database exposed information related to millions of users of several adult sites run by the Barcelona-based VTS Media. The exposed details included usernames, user activity logs, and in some cases IP addresses. Researchers from the cybersecurity firm Condition:Black discovered the exposed database and notified the company, which then secured it.
Another Click2Gov breach
The U.S. Virgin Islands Water and Power Authority (WAPA) disclosed a data breach from its use of Click2Gov, a third-party software used by many government agencies. The breach resulted in the exposure of payment card details and even fraudulent transactions for some of the residents. This adds to the growing number of Click2Gov breaches in the last two years.
Nikkei loses $29 million to BEC scam
The Japanese media conglomerate Nikkei suffered a business email compromise scam, wherein an amount of $29 million was transferred to the fraudsters’ bank accounts. The cybercriminals requested wire transfers from an employee using fraudulent information by posing as a Nikkei executive.
Top Malware Reported in the Last 24 Hours
BlueKeep exploit in the wild
For the first time, researchers have discovered an attack campaign exploiting the BlueKeep flaw that was disclosed in May 2019. The flaw affects 32-bit and 64-bit versions of Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. This exploit is used to plant a Monero cryptocurrency miner on the target system. Over 750,000 unpatched Windows systems globally are vulnerable to this exploit.
Ryuk variant targets LAN hosts
Researchers from CrowdStrike analyzed a new Ryuk ransomware variant distributed by the Russia-based WIZARD SPIDER threat group. The new variant can identify LAN hosts using ARP ping scanning and wake LAN hosts that are in a standby power state by sending a Wake-on-LAN (WoL) magic packet.
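As an added defender-side example (not from this report or from CrowdStrike's analysis), the following Python validates the Wake-on-LAN magic packet structure in UDP payloads and flags magic packets sent by hosts that are not approved WoL senders, which is how a workstation waking its neighbours would stand out; the sample flows and the sender allowlist are constructed.

```python
from typing import Optional


def parse_wol_magic_packet(payload: bytes) -> Optional[str]:
    """Return the target MAC (colon-separated) if payload is a Wake-on-LAN
    magic packet: 6 bytes of 0xFF followed by the target MAC repeated 16
    times. An optional SecureOn password (0, 4 or 6 bytes) may trail it."""
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    if len(payload) - 102 not in (0, 4, 6):
        return None
    return ":".join(f"{b:02x}" for b in mac)


def wol_payload(mac: str) -> bytes:
    """Build a well-formed magic packet for the constructed samples below."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return b"\xff" * 6 + raw * 16


# Constructed allowlist: hosts expected to send WoL (e.g. a patch server).
ALLOWED_WOL_SENDERS = {"10.0.0.5"}

# Constructed sample flows: (source IP, destination UDP port, payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", 9, wol_payload("00:11:22:33:44:55")),   # patch server, expected
    ("10.0.0.77", 9, wol_payload("00:11:22:33:44:66")),  # workstation waking a peer
    ("10.0.0.77", 9, b"\xff" * 6 + bytes(range(96))),    # 0xFF prefix but no repeated MAC
    ("10.0.0.77", 53, b"\x12\x34\x01\x00" + b"\x00" * 8),  # ordinary DNS, ignored
]


def find_unexpected_wol(flows, allowed=ALLOWED_WOL_SENDERS):
    """Return (source IP, target MAC) for every valid magic packet that was
    sent by a host outside the allowlist."""
    hits = []
    for src, _dport, payload in flows:
        mac = parse_wol_magic_packet(payload)
        if mac is not None and src not in allowed:
            hits.append((src, mac))
    return hits


if __name__ == "__main__":
    for src, mac in find_unexpected_wol(SAMPLE_FLOWS):
        print(f"unexpected WoL from {src} targeting {mac}")
```

Matching on the magic packet body rather than on UDP port 9 matters because WoL is accepted on any port the NIC sees, so port-based filters miss it.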
Top Vulnerabilities Reported in the Last 24 Hours
Android NFC bug
Smartphones running Android 8.0 (Oreo) or above are impacted by a vulnerability, tracked as CVE-2019-2114, that allows hackers to discreetly infect nearby devices with malware using NFC beaming. Google has fixed the flaw in its October 2019 update for Android.
Malicious XLM macros in SYLK files
Researchers have discovered that attackers can embed XLM macros within symbolic link (SYLK) files to spread malicious code. Even with the Microsoft Office for Mac option "Disable all macros without notification" enabled, XLM macros in SYLK files still execute without prompting the user. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Top Scams Reported in the Last 24 Hours
BEC Scam on City of Ocala
The City of Ocala in Florida was hit by a business email compromise (BEC) scam whereby an amount of $742,000 was redirected to fraudster-controlled bank accounts. The criminals impersonated a legitimate construction firm working with the city and asked an employee to process an invoice using fake payment details.