Cyware Daily Threat Intelligence, November 11, 2019

See All
A major update on the infamous BlueKeep exploit that was used for a recent cryptomining attack has surfaced in the past 24 hours. Security pros have uncovered that the BlueKeep exploit includes a Metasploit module which can cause systems to crash and display the Blue Screen of Death (BSOD) error. This new addition to BlueKeep exploit is likely to increase the number of attacks in the future if vulnerable systems are not patched on time.

A new malware named Titanium has also come to light in the past 24 hours. This backdoor malware is being actively used by the Platinum threat actor group to infect victims from South and Southeast Asia.

With the holiday season approaching, the Cybersecurity and Infrastructure Agency (CISA) has released a list of measures for users to tackle holiday-related phishing scams. These scams are designed to capture personal or financial information and steal money from users.

Top Breaches Reported in the Last 24 Hours

Boardriders attacked
Boardriders and some of its subsidiaries QuickSilver and Billabong have suffered a ransomware attack, forcing the company to shut down its computing systems. The attack occurred during the last week of October 2019. The incident has also affected the operations of its online retail shops.

SmarterASP.NET attacked
SmarterASP.NET has been hit by ransomware over the weekend. This affected the company’s phone line as attackers had breached the networks and encrypted data on customer servers. The company’s website was restored after a day of the attack. The web hosting provider is currently working on restoring customer servers.

Top Malware Reported in the Last 24 Hours

Political-themed malware
A new malspam campaign that delivers a payload named Trump.exe has been noticed recently. The campaign attempts to deliver malware on victims’ systems. The emails pretend to be from banks and appear as if they are sent by the director of Global Risk for Visa company. They include compressed archives containing RTF files. These RTF files are responsible for retrieving a malicious PE32 executable from an attacker-controlled server using Dynamic Data Exchange (DDE).

New Titanium backdoor
A new stealthy-backdoor trojan named Titanium has been spotted by researchers lately. The malware is linked to the Platinum threat actor group. It is capable of infiltrating and taking control of targeted systems. The group employs a multi-step infection process to infect victims from South and Southeast Asia.

Top Vulnerabilities Reported in the Last 24 Hours

New updates on BlueKeep exploit
Microsoft’s Meltdown patch deployed on targeted machines has been found to be the main reason for the recent cryptomining attack that involved BlueKeep vulnerability. Researchers have uncovered that the Bluekeep attacks used an exploit based on a Metasploit module released in September. This caused the systems to crash while displaying a Blue Screen of Death (BSOD) error.

macOS Mail app vulnerability
A serious vulnerability that provides a way for users to read encrypted emails in plain text database has been uncovered in macOS Mail App. The bug exists in the latest macOS Catalina. The issue affects only a portion of users who send encrypted emails from Apple Mail on macOS Sierra to macOS Catalina.

Top Scams Reported in the Last 24 Hours

Beware of holiday scams
The Cybersecurity and Infrastructure Agency (CISA) has warned U.S. citizens to be wary of malicious holiday scams and campaigns that usually start during each year’s holiday season. The agency alerted users that cyber actors may send emails and ecards containing malicious links or attachments infected with malware. They may also send spoofed emails requesting support for fraudulent charities or causes. Thus, users should avoid opening attachments or clicking links that come from unsolicited sources. They should also be extra cautious when shopping online.

Fake Emirates newsletter
Emirates has warned users about a fake newsletter that is asking them to fill out a survey. The purpose of the campaign is to steal credit and personal details from users. The fake newsletter is sent via email with a subject line that reads, "Notification! You have been given THIS surprise".


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, November 12, 2019
Next
Cyware Daily Threat Intelligence, November 08, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.