Cyware Daily Threat Intelligence, November 06, 2019


Tech support scammers have found a new way to trick Firefox users. They are abusing a browser lock bug in Firefox 70.x Stable, 71.x Beta, and 72.x Nightly to launch lock-screen attacks. Victims are told to call a fake Windows support line within 5 minutes to avoid having their systems disabled.

The past 24 hours also saw a new variant of MegaCortex ransomware that, in addition to encrypting files, changes the user’s password. The variant appends the .m3g4c0rtx extension to encrypted files.

A serious vulnerability in the libarchive compression library affects the Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD and NetBSD operating systems. It can allow an attacker to execute code on a user’s system via a malformed archive file.

Top Breaches Reported in the Last 24 Hours

Trend Micro data breach
A former Trend Micro employee stole and sold the personal data of up to 120,000 customers to a third-party vendor. The compromised information included names, email addresses, support ticket numbers, and some telephone numbers. The stolen data was then used to conduct scams. The firm has disabled the employee’s account and notified law enforcement agencies.

Facebook reveals a privacy breach
Facebook has disclosed a new privacy breach involving approximately 100 app developers. These developers may have accessed member information, such as names and profile pictures, associated with activity in some Facebook groups. The apps involved are primarily social media management and video streaming software.

Ransomware attack
A ransomware attack has disrupted all IT operations in the territory of Nunavut, Canada. Based on the attack method, DoppelPaymer ransomware is believed to be responsible. The attackers have demanded payment in digital currency to release the data.

Over $400,000 stolen
More than $400,000 was stolen from the Pipestone Kin-Ability Centre in Moosomin, Saskatchewan, after a cyberattack. The organization revealed that attackers gained unauthorized access to its payroll system. The theft was discovered on October 1, 2019.

Operation Vendetta
An Italian hacktivist group has hacked the websites of professional orders, the prefecture of Naples, and the telephone operator Lyca Mobile as part of a campaign it calls ‘Operation Vendetta’. The group appears to have stolen 5.4 GB of documents, although there is no information confirming the authenticity of the documents.

Top Malware Reported in the Last 24 Hours

New version of MegaCortex
Security researchers have discovered a new version of MegaCortex ransomware. The variant not only encrypts victims’ files but also changes the user’s password, and then threatens to publish the victim’s files if the ransom is not paid. The malware appends the .m3g4c0rtx extension to encrypted files.
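As an added example (not code from the briefing or from any vendor), the following Python script hunts a constructed set of file-creation events for the .m3g4c0rtx extension the briefing names, flags hosts where several such files appear within a short window (a mass-rename pattern typical of file encryption), and cross-checks those hosts for a Windows account password reset (Security event ID 4724), since the variant is reported to change the user’s password. The event tuple format, the sample data and the thresholds are assumptions for illustration.

```python
from datetime import datetime, timedelta

MEGACORTEX_EXT = ".m3g4c0rtx"          # extension reported on encrypted files
PASSWORD_RESET_EVENT_ID = 4724         # Windows Security: "attempt to reset an account's password"

# Constructed sample of file-creation events: (timestamp, host, path). Not real telemetry.
SAMPLE_FILE_EVENTS = [
    ("2019-11-06T08:00:01", "WS-01", "C:/Users/alice/Documents/q3-report.docx.m3g4c0rtx"),
    ("2019-11-06T08:00:03", "WS-01", "C:/Users/alice/Documents/budget.xlsx.m3g4c0rtx"),
    ("2019-11-06T08:00:04", "WS-01", "C:/Users/alice/Pictures/team.jpg.M3G4C0RTX"),
    ("2019-11-06T08:01:30", "WS-01", "C:/Users/alice/Desktop/notes.txt.m3g4c0rtx"),
    ("2019-11-06T08:05:00", "WS-02", "D:/share/old-backup.zip.m3g4c0rtx"),   # single hit only
    ("2019-11-06T08:05:10", "WS-03", "C:/Users/bob/Downloads/installer.exe"),
    ("2019-11-06T09:00:00", "WS-03", "C:/Users/bob/Documents/m3g4c0rtx-notes.txt"),  # not an extension match
]

# Constructed sample of Security log events: (timestamp, host, event_id). Not real telemetry.
SAMPLE_SECURITY_EVENTS = [
    ("2019-11-06T08:02:00", "WS-01", PASSWORD_RESET_EVENT_ID),
    ("2019-11-06T08:30:00", "WS-03", PASSWORD_RESET_EVENT_ID),  # helpdesk reset, no encryption burst
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def flag_encrypted_files(events, ext: str = MEGACORTEX_EXT):
    """Return every path whose name ends with the ransomware extension (case-insensitive)."""
    return [path for _, _, path in events if path.lower().endswith(ext)]


def burst_hosts(events, window=timedelta(minutes=5), threshold: int = 3, ext: str = MEGACORTEX_EXT):
    """Return hosts that produced at least `threshold` matching files inside any `window`."""
    per_host = {}
    for ts, host, path in events:
        if path.lower().endswith(ext):
            per_host.setdefault(host, []).append(_parse(ts))

    flagged = []
    for host, times in per_host.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:          # sliding window starting at times[i] is dense enough
                flagged.append(host)
                break
    return sorted(flagged)


def correlate_with_password_reset(file_events, security_events, **burst_kwargs):
    """Hosts showing both an encryption burst and a password-reset event (ID 4724)."""
    suspicious = set(burst_hosts(file_events, **burst_kwargs))
    hits = {host for _, host, eid in security_events
            if eid == PASSWORD_RESET_EVENT_ID and host in suspicious}
    return sorted(hits)


if __name__ == "__main__":
    print("Encrypted-looking files:", flag_encrypted_files(SAMPLE_FILE_EVENTS))
    print("Hosts with encryption burst:", burst_hosts(SAMPLE_FILE_EVENTS))
    print("Burst + password reset:", correlate_with_password_reset(SAMPLE_FILE_EVENTS, SAMPLE_SECURITY_EVENTS))
```

The extension match alone is a weak signal (a single renamed file could be a false positive, as WS-02 shows); combining the burst rate with the password-reset event narrows the alert to the behaviour the briefing describes for this variant.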

Capesand exploit kit
A new exploit kit named Capesand has been found exploiting recently disclosed vulnerabilities in Adobe Flash and Microsoft Internet Explorer to distribute malware. Researchers found that the kit reuses open-source code, including the exploits, obfuscation and packaging techniques, from other exploit kits.

Top Vulnerabilities Reported in the Last 24 Hours

Libarchive vulnerability
A vulnerability in libarchive, tracked as CVE-2019-18408, affects the Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD and NetBSD operating systems. It does not impact macOS and Windows, where the library is used as a default decompression utility. The affected operating systems have rolled out updates to address the bug.

Vulnerable Asus Wi-Fi
A vulnerability discovered in Asus Wi-Fi software could have given attackers broad access to users’ networks and made it possible to hijack smart home devices. By abusing the vulnerability, attackers can sniff IP addresses, user names, device names, usage information and more.

A security issue in Siemens PLCs
An undocumented access feature in some newer Siemens PLC models can be weaponized by attackers. The hardware-based special access feature exists in Siemens S7-1200 PLCs and can be used to bypass the bootloader’s firmware integrity check.

Top Scams Reported in the Last 24 Hours

Tech support scam
Tech support scammers are actively abusing a Firefox browser lock bug to trick potential victims. Victims are told to call a fake Windows support line within 5 minutes to avoid having their systems disabled. The bug lets the scammers lock the target’s browser, preventing the user from closing the tab that displays the scam message. The issue exists in Firefox 70.x Stable, 71.x Beta, and 72.x Nightly. Mozilla is working on a fix.

Posted on: November 06, 2019