Cyware Daily Threat Intelligence, November 08, 2019


Attacks exploiting the BlueKeep vulnerability continue on unsupported Windows versions. The Microsoft Defender ATP Research Team has uncovered a new wave of BlueKeep exploitation that it links to a cryptomining campaign first seen in September. The campaign targeted systems in France, Russia, Italy, Spain, Ukraine, Germany, and the United Kingdom.

Apart from Microsoft, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued a warning about the growing use of the BlueKeep exploit. ACSC has also alerted organizations that Emotet campaigns are active in the wild.

In other developments, Amazon has come under scrutiny after researchers found serious vulnerabilities affecting its Ring Video Doorbell Pro and Kindle devices. The Ring Video Doorbell flaw can be misused to infiltrate a home network and its smart-home devices, while the flaws affecting the Kindle (in the Das U-Boot bootloader it uses) open the door to denial of service and code execution.

Top Breaches Reported in the Last 24 Hours

Texas Health Resources’ data breach
Texas Health Resources has filed breach notifications following a data breach that occurred due to a misconfiguration error in its billing system. The incident has impacted the data of 82,577 patients. The breach lasted for nearly three months, starting from July 19. All of its 15 hospitals have been impacted by the breach.

InterMed notifies patients
Maine healthcare provider InterMed is notifying about 30,000 patients that some of their PHI was compromised in a data breach. The facility learned on September 6, 2019, that an employee’s email account had been hacked a few days earlier; the attacker then used that access to compromise several other accounts between September 7 and 10.

DMV inadvertently shares info
The California DMV mistakenly shared Social Security numbers with seven government entities for at least the last four years. The exposed information belonged to roughly 3,200 drivers and license applicants. The DMV reportedly discovered the error on August 2, 2019.

Top Malware Reported in the Last 24 Hours

QSnatch malware
QSnatch is a new information-stealing malware that infects QNAP NAS devices. The malware harvests and exfiltrates user credentials found on compromised NAS devices. It is also capable of loading malicious code retrieved from its C2 servers.

49 malicious apps
A new batch of 49 adware-delivering apps was found on the Google Play Store. Together these apps had more than three million downloads, and they used heavy obfuscation and detection-evasion techniques. They were disguised as games and stylized camera apps. Google has already removed all of them from the Play Store.

ACSC issues warning about Emotet trojan
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has warned businesses and individuals that Emotet campaigns are active in the wild. The malware is believed to be operated by a threat actor group tracked as TA542. On September 16, the Emotet botnet targeted individuals, businesses, and government entities in the U.S., Germany, the United Kingdom, Poland, and Italy.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Amazon’s doorbell
A high-severity flaw in Amazon’s Ring Video Doorbell Pro could allow an attacker within radio range to steal the owner’s Wi-Fi password. The vulnerability stems from the device’s setup stage, during which the Wi-Fi credentials are passed to the doorbell over an unencrypted connection. Beyond gaining access to the home’s Wi-Fi network, the flaw can be used as a foothold to reach other smart-home devices and any private photos or videos stored on the network.

Flawed Amazon Kindle
Multiple vulnerabilities in the Das U-Boot bootloader affect third-party hardware that ships with it, including Amazon Kindles and ARM Chromebooks. The flaws can lead to denial of service and code execution at the bootloader level; an attacker who exploits them gains full control of the device’s CPU before the operating system loads and can modify anything they choose.

Cisco patches flaws
Cisco has released a new set of security patches for multiple vulnerabilities across its products, including Small Business Routers, TelePresence Collaboration Endpoint software, and RoomOS software. Successful exploitation could lead to cross-site scripting (XSS), elevation of privileges, or arbitrary command execution.

Insecure Adobe Mobile SDKs
Adobe’s Experience Platform Mobile SDKs ship with insecure default settings that leave the data they transmit open to interception and alteration. The issue lies in the SDKs’ configuration file, ADBMobileConfig.json, which is generated with weak defaults. Developers embedding the SDKs should review that file and ensure every option is set securely before shipping an app.
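The check a practitioner would want here is a small audit of ADBMobileConfig.json run in the build pipeline. The script below is an added example, not Adobe’s code and not from the research the page summarizes. It assumes the SDK’s documented config layout, in which an "analytics" object carries an "ssl" flag selecting HTTPS (generated as false by default) and other sections may carry endpoint URLs; the sample config is constructed for the example, and the "remotes" entry in it is a placeholder.

```python
"""Added example: audit an ADBMobileConfig.json for insecure options.

Assumptions (not stated on the page): the SDK reads an "analytics" object
whose "ssl" flag selects HTTPS for analytics hits and defaults to false,
and any other string value in the file that starts with http:// is an
endpoint the SDK will fetch over plaintext. The sample below is constructed.
"""
import json

# Constructed sample: what a freshly generated config can look like.
SAMPLE_CONFIG = """
{
  "version": "1.0",
  "analytics": {
    "rsids": "example-rsid",
    "server": "metrics.example.com",
    "charset": "UTF-8",
    "ssl": false,
    "offlineEnabled": false
  },
  "remotes": {
    "analytics.poi": "http://assets.example.com/poi.json"
  }
}
"""


def _iter_strings(node, path=""):
    """Yield (dotted_path, value) for every string anywhere in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _iter_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _iter_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit_config(text):
    """Return a list of (severity, message) findings for a config document."""
    cfg = json.loads(text)
    findings = []
    analytics = cfg.get("analytics", {})
    # Analytics hits carry app state and user identifiers; without ssl they
    # travel over plain HTTP and anyone on the path can read or rewrite them.
    if analytics.get("ssl") is not True:
        findings.append(("high", "analytics.ssl is not true: analytics hits are sent over plain HTTP"))
    # Any other plaintext endpoint in the file is a second interception point.
    for path, value in _iter_strings(cfg):
        if value.lower().startswith("http://"):
            findings.append(("medium", f"{path} uses a plaintext URL: {value}"))
    return findings


def _rewrite_urls(node):
    """Return a copy of the document with http:// URLs upgraded to https://."""
    if isinstance(node, dict):
        return {key: _rewrite_urls(value) for key, value in node.items()}
    if isinstance(node, list):
        return [_rewrite_urls(value) for value in node]
    if isinstance(node, str) and node.lower().startswith("http://"):
        return "https://" + node[len("http://"):]
    return node


def harden_config(text):
    """Return the config re-serialised with the weak settings corrected."""
    cfg = json.loads(text)
    cfg.setdefault("analytics", {})["ssl"] = True
    return json.dumps(_rewrite_urls(cfg), indent=2)


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
    print(harden_config(SAMPLE_CONFIG))
```

Run it against the real file in CI and fail the build on any "high" finding; the hardened output is only a starting point, since an https:// endpoint still has to exist on the receiving side.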

BlueKeep threat
Microsoft and the Australian government have issued warnings about the dangerous BlueKeep vulnerability. It is an unauthenticated remote code execution flaw in Remote Desktop Services affecting Windows 7, Windows Server 2008, and Windows Server 2008 R2. The fix is the patch Microsoft released in May; where patching is delayed, Microsoft’s guidance is to enable Network Level Authentication (NLA), which forces authentication before the vulnerable code is reached, and to block TCP port 3389 at the network perimeter.
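A quick way to triage exposure is to ask each RDP endpoint whether it still completes a connection for a client that offers only standard RDP security, i.e. whether NLA is actually enforced. The code below is an added example, not Microsoft’s or ACSC’s tooling. It builds the X.224 Connection Request with an RDP_NEG_REQ and decodes the server’s Connection Confirm as specified in MS-RDPBCGR; the sample replies are constructed, and probe_host() is an assumed helper for live use that is not exercised offline.

```python
"""Added example: decide whether an RDP endpoint enforces NLA.

A client advertises the security protocols it accepts in RDP_NEG_REQ. If it
offers only PROTOCOL_RDP (standard RDP security) and the server completes the
negotiation, an unauthenticated client reaches the pre-authentication code
path in which BlueKeep lives. A server that enforces NLA instead answers with
RDP_NEG_FAILURE / HYBRID_REQUIRED_BY_SERVER. Wire layouts follow MS-RDPBCGR;
the sample replies below are constructed for the example.
"""
import socket
import struct

PROTOCOL_RDP = 0x00000000
PROTOCOL_SSL = 0x00000001
PROTOCOL_HYBRID = 0x00000002          # CredSSP, i.e. NLA

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
HYBRID_REQUIRED_BY_SERVER = 0x00000005
FAILURE_NAMES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ (19 bytes)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR TPDU: code 0xE0, DST-REF, SRC-REF, class 0, then RDP_NEG_REQ.
    x224 = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = struct.pack("B", len(x224)) + x224          # length indicator
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Decode the server reply into ("accepted", protocol), ("failure", code)
    or ("unknown", None)."""
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        return ("unknown", None)
    length_indicator = data[4]
    if length_indicator == 6:
        # No RDP_NEG_RSP at all: a legacy server that only speaks standard
        # RDP security, which MS-RDPBCGR says the client must then assume.
        return ("accepted", PROTOCOL_RDP)
    if length_indicator < 14 or len(data) < 19:
        return ("unknown", None)
    kind = data[11]
    value = struct.unpack("<I", data[15:19])[0]
    if kind == TYPE_RDP_NEG_RSP:
        return ("accepted", value)
    if kind == TYPE_RDP_NEG_FAILURE:
        return ("failure", value)
    return ("unknown", None)


def assess(requested_protocols, reply):
    """Turn a reply to our request into a one-word exposure verdict."""
    kind, value = parse_connection_confirm(reply)
    if kind == "failure" and value == HYBRID_REQUIRED_BY_SERVER:
        return "nla_enforced"
    if kind == "accepted" and requested_protocols == PROTOCOL_RDP and value == PROTOCOL_RDP:
        return "unauthenticated_rdp_reachable"
    if kind == "failure":
        return "rejected:" + FAILURE_NAMES.get(value, str(value))
    if kind == "accepted":
        return "accepted_protocol:%d" % value
    return "inconclusive"


def _confirm(payload):
    """Build a constructed X.224 Connection Confirm carrying `payload`."""
    x224 = struct.pack(">BHHB", 0xD0, 0, 0x1234, 0) + payload
    x224 = struct.pack("B", len(x224)) + x224
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


# Constructed sample replies, not captured traffic.
SAMPLE_NLA_REQUIRED = _confirm(struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, HYBRID_REQUIRED_BY_SERVER))
SAMPLE_PLAIN_RDP_OK = _confirm(struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, PROTOCOL_RDP))
SAMPLE_LEGACY_NO_NEG = _confirm(b"")


def probe_host(host, port=3389, timeout=5.0):
    """Assumed live helper: send the request and assess the first reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        reply = sock.recv(64)
    return assess(PROTOCOL_RDP, reply)


if __name__ == "__main__":
    for name, sample in (("nla", SAMPLE_NLA_REQUIRED), ("plain", SAMPLE_PLAIN_RDP_OK),
                         ("legacy", SAMPLE_LEGACY_NO_NEG)):
        print(name, assess(PROTOCOL_RDP, sample))
```

Two caveats: some servers simply close the socket instead of sending RDP_NEG_FAILURE, which shows up here as "inconclusive" rather than as proof of NLA, and "nla_enforced" only narrows the attack surface to authenticated users; the patch is still the fix.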



Posted on: November 08, 2019
