Cyware Daily Threat Intelligence, November 13, 2019

See All
The cyberspace saw a mixture of crucial security updates and new vulnerabilities in the past 24 hours. As a part of its November 2019 Patch Tuesday, Microsoft has patched a total of 74 flaws found in its products. The updates also include a fix for a severe zero-day vulnerability in Internet Explorer that is being exploited in the wild. In other security updates, Intel and STMelectronics have fixed two new vulnerabilities which are collectively known as TPM-FAIL. The flaws can allow an attacker to retrieve cryptographic keys stored inside the Trusted Platform Module (TPM).

Coming to bugs, security researchers have uncovered a new speculative vulnerability called ZombieLoad 2. The vulnerability targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. By abusing the vulnerability, local attackers can steal sensitive data from the operating system or other processes.

A pool of 11 security issues has also been uncovered in the 5G network. All of these vulnerabilities can be exploited on the existing 4G and the new 5G networks using a low-cost software-defined radio.

Top Breaches Reported in the Last 24 Hours

Starling notifies a breach
Connecticut-based healthcare group Starling has notified its patients about a data security incident that occurred due to a phishing attack. This has affected certain patients’ names, addresses, birth dates, passport numbers, social security numbers, medical information, and health insurance details and billing information. The firm has secured the affected email accounts and hired a forensic security firm.

Labor Party attacked again
Labor Party has suffered a second DDoS attack in less than 24 hours after the first attack. It is unclear if the same hackers were behind the attack. The party is confident that no data breach has occurred this time too as it has robust security systems.  

Top Malware Reported in the Last 24 Hours

PureLocker ransomware
PureLocker is a newly discovered ransomware written in PureBasic language. It has been linked to a Malware-as-a-Service (MaaS) provider that has been used by the Cobalt gang, Fin6, and other groups. The malware comes with several evasion methods and features that have allowed it to remain undetected for months. PureLocker uses the standard AES+RSA combination to encrypt files. It appends the encrypted files with .cr1 extension.

MTProxy servers suffer DDoS attack
Arvan Cloud, an Iranian cloud services provider, experienced DDoS attacks through MTProxy servers that are quite frequently used by Telegram users in the country where Telegram is banned. The attacks started on November 6 and subsided towards the end of the week. The attackers targeted Arvan Cloud edge servers.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 74 flaws
As a part of November 2019 Patch Tuesday edition, Microsoft has released updates to fix at least 74 flaws found across its products. The updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild as well as a sneaky bug in certain versions of Office for Mac.

ZombieLoad 2
A new speculative vulnerability called ZombieLoad 2 or TSX Asynchronous Abort, has been disclosed by researchers. The vulnerability targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. By abusing this vulnerability, local attackers can steal sensitive data from the operating system or other processes.

TPM-FAIL
A team of academics has disclosed two vulnerabilities collectively known as TPM-FAIL. The flaws could allow an attacker to retrieve cryptographic keys stored inside the Trusted Platform Module (TPM) of a processor. The first vulnerability is CVE-2019-11090 and impacts Intel’s Platform Trust Technology (PTT). The second vulnerability is CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics. Both the flaws have been fixed by the firms.

McAfee patches an LPE bug
McAfee has patched a security vulnerability discovered in all editions of its Antivirus software for Windows. Tracked as Local Privilege Escalation (LPE) CVE-2019-3648, the flaw can enable potential attackers to escalate privileges and execute code using SYSTEM privileges. The flaw affects MTP, AVP, and MIS versions up to 16.0.R22.

Bad Windows drivers
Experts have uncovered new vulnerabilities in widely distributed Windows drivers which could be exploited to take over Windows systems, including the device’s system and component firmware. These vulnerable drivers directly affect Intel devices. Two of the vulnerable drivers were quietly patched in August by Intel but a third driver, Intel PMxDrv has been found to be far more difficult to clean up.

Adobe patches vulnerable products
Adobe has issued security updates to address issues in systems running unpatched Illustrator, Animate CC, Bridge CC and Media Encoder versions. The issues could allow attackers to execute malicious code remotely, elevate privileges, and gain unauthorized access to information.

11 vulnerabilities detected in 5G
A tool named 5GReasoner has detected 11 new vulnerabilities in 5G. Some of these flaws can be exploited on the existing 4G network. All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks using a low-cost software-defined radio.

35 bugs in 8 enclave SDKs
A total of eight open-source enclave SDKs have been found to be affected with 35 vulnerabilities. The flaws can be exploited to run malicious code inside a computer’s enclave  - a secure area of a CPU. All issues have been privately reported and patches are available.

Top Scams Reported in the Last 24 Hours

Loyalty rewards misused
Loyalty rewards have become a goldmine for cyber crooks. Given the ease with which they can be used, scammers can buy gift cards or merchandise to resell online and book flights or hotels. Electronic gift cards are the favorite way to turn loyalty rewards into cash.

Stolen card-as-a-service
A Russian man has been charged for running a stolen payment card trading ring that was responsible for $20 million worth of fraud. The man faces charges of access device fraud, conspiracy to commit access device fraud, wire fraud, conspiracy to commit wire fraud, Identity theft, computer intrusion, and money laundering.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, November 14, 2019
Next
Cyware Daily Threat Intelligence, November 12, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.