Cyware Daily Threat Intelligence, November 10, 2020


In the fast-paced world of cybersecurity, cybercriminals are always on the move, launching large and sophisticated attacks. Two notable campaigns, one abusing Microsoft Teams and the other the npm registry, have come to notice in the last 24 hours. In the Microsoft Teams incident, threat actors created fake ads for the app to deploy a Cobalt Strike backdoor. The npm attack distributed a malicious JavaScript library called discord.dll, designed to steal sensitive files from a user's browsers and Discord application.

Cobalt Strike was also seen in another campaign, the mass exploitation of vulnerable Oracle WebLogic servers through a remote code execution flaw that affects several versions of the server.

Top Breaches Reported in the Last 24 Hours

Compal targeted
Compal, the world's second-largest laptop manufacturer, was hit by DoppelPaymer ransomware over the weekend. While the backup files are not safe, the IT staff is working to reinstall encrypted workstations as quickly as possible.

RedDoorz records on sale
A threat actor is selling the RedDoorz database containing 5.8 million user records on a hacking forum. The Singapore-based hotel management and booking firm had suffered a data breach in September.

Cyberattack on UVM
The University of Vermont (UVM) Health Network has suffered a cyberattack that disrupted its chemotherapy, mammogram, and screening appointments. Reports suggest that the attackers broke into the hospital's main servers and took control of the entire system.

Top Malware Reported in the Last 24 Hours

Malicious fake ads
Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deploy Cobalt Strike. The campaign has targeted organizations in various industries, but the most recent wave focuses on the education sector (K-12). The fake ads are placed in poisoned search engine results and lure unsuspecting users who search for Teams into installing a bogus update, which in turn drops the backdoor.

Malicious discord.dll
Researchers have uncovered a malicious JavaScript library called discord.dll in the npm registry. The package is designed to steal sensitive files from a user's browsers and Discord application. Targeted apps include the Google Chrome, Brave, Opera, and Yandex browsers, and the Discord messaging app.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable WebLogic server targeted
Attackers have been found scanning the internet for vulnerable Oracle WebLogic servers in order to deploy Cobalt Strike, which gives them persistent remote access to compromised hosts. The flaw is tracked as CVE-2020-14882, and Oracle recently released an emergency security patch for it. It affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Flaws in PcVue SCADA product
Researchers have found several serious vulnerabilities in the PcVue SCADA product that could allow attackers to take control of industrial processes or cause disruption. The most serious is rated Critical and allows remote code execution; the other two are rated High severity.

Flawed Ultimate Member plugin patched
Administrators of WordPress sites are urged to update the Ultimate Member plugin to the latest version to block attacks that exploit three vulnerabilities. The flaws allow attackers to escalate privileges to the administrator level and fully take over a vulnerable site.

Top Scams Reported in the Last 24 Hours

Fake Cadbury scam
Scammers have created a fake Facebook group to lure social media users into sharing their personal and financial details, using a free hamper of Cadbury chocolate and a variety of other themes as bait. The group carries the brand's official logos to make it look convincing. Some of the themes involve messages from a specific individual posing as a manager at the firm, while others claim that cash prizes will be sent to randomly chosen individuals.

Tags

pcvue scada product
reddoorz
cobalt strike backdoor
cadbury scam
compal
ultimate member plugin

Posted on: November 10, 2020
