Cyware Daily Threat Intelligence, November 14, 2019

See All
A day after the discovery of PureLocker, security researchers have come across another new ransomware named AnteFrigus. The ransomware has been first spotted in a Hookads malvertising campaign that redirects users to the RIG exploit kit. AnteFrigus only targets the data in  D:, E:, F:, G:, H:, and I: drives. After encryption, it appends a random character extension to encrypted files.

Several vulnerabilities affecting the Email Subscribers & Newsletter WordPress plugin has also been detected in the past 24 hours. These flaws can lead to information disclosure, blind SQL injection in the INSERT statement, insecure permissions, cross-site request forgery on Settings, and unauthenticated option creation.

In other development, a new and unique JavaScript payment card-skimmer called Pipka has been found to have infected at least 16 e-commerce websites. Just like other payment card skimmers, Pipka is designed to let attackers extract cardholder names, payment card account numbers, expiration dates, CVV numbers, and other details from the checkout pages of e-commerce sites. The malware evades detection by removing itself from a compromised website after it is successfully executed.

Top Breaches Reported in the Last 24 Hours

InfoTrax Systems’ 2016 hack incident
FTC and Infotrax Systems have come to a settlement over a data breach that lasted for nearly two years. The breach that happened due to the firm’s security lapse had affected around one million user records. The stolen information included social security numbers, payment card information, bank account information, user names, and passwords.

Solara Medical Supplies provides notice
Solara Medical Supplies, LLC has issued a notification about a security incident that occurred on June 28, 2019. The event took place after an unknown actor gained unauthorized access to some employee Office 365 accounts. The compromised information included names, addresses, birth dates, social security numbers, Employee ID, identification numbers, medical information, health insurance information and more.

Calibre CPA Group notifies a breach
Calibre CPA Group has disclosed a data breach that occurred between March 11, 2019, and May 7, 2019. The incident occurred after certain employee email accounts and a single Calibre server, were accessed by unauthorized actors. The breached information includes name, birth dates, social security numbers, driver’s license numbers, and the medical information of individuals.

Chinese hackers hack NAM
Chinese hackers hacked an industry group for U.S. manufacturers known as the National Association of Manufacturers (NAM) with an aim to gain intel on trade meetings. It is not yet determined what data was stolen, however, it is assumed that the motive was to steal information surrounding a meeting between President Trump and NAM President Jay Timmons.

Top Malware Reported in the Last 24 Hours

IMobile-Verify used in a scam
A malicious application called IMobile-Verify has been found to be part of a phishing scheme. The app is distributed via a phishing page that appears to part of an Indian income tax scam. The phishing page asks users to download the app to verify their mobile number. Once downloaded and installed, the application requests to become the default source for sending and receiving SMS.

AnteFrigus ransomware
A new ransomware dubbed AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. It only targets drivers - D:, E:, F:, G:, H:, and I: -  commonly associated with removable devices and mapped network drives. Furthermore, the ransomware encrypts files that contain specific extensions. The ransomware appends a random character extension to encrypted files.

Pipka card-skimmer
Pipka is a newly discovered Javascript skimmer that has infected at least 16 e-commerce websites so far. The malware tries to evade detection by removing itself from the HTML code of a compromised website. Pipka is designed to let attackers extract cardholder names, payment card account numbers, expiration dates, CVV numbers and other details from the checkout pages of e-commerce sites.

APT33’s private VPN network disclosed
Iran’s elite state-sponsored hacking group APT33 has built and has been operating its own private network of VPN nodes. The group is leveraging the private network to connect to hacking infrastructure, perform reconnaissance and even for casual web browsing. It is also claimed that the group used the private VPN network to access websites of penetration testing companies, webmail, websites, and cryptocurrency hacking sites.

Top Vulnerabilities Reported in the Last 24 Hours

Red Hat responds to ZombieLoad 2
Red Hat has strongly suggested that all Red Hat systems be updated to mitigate three newly discovered flaws in certain Intel processors. These flaws, if exploited, can put sensitive data at risk. One of the three flaws is a variant of ZombieLoad discovered earlier this year.

VMware patches five flaws
VMware has rolled out security updates for five vulnerabilities which, if exploited, could lead to information disclosure or a denial of service situation. Three of these are important-rated vulnerabilities and impact VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. These ‘important-rated’ vulnerabilities are CVE-2019-5540, CVE-2019-5541, and CVE-2019-5542.

Flawed Email Subscribers & Newsletters plugin
Multiple vulnerabilities have been discovered in the Email Subscribers & Newsletter WordPress plugin. The flaws could allow attackers to launch various attacks targeting vulnerable installations. These include information disclosure, blind SQL injection in the INSERT statement, insecure permissions, cross-site request forgery on Settings, and unauthenticated Option Creation. Users can mitigate the issues by updating the plugin to the latest versions 4.2.3 and 4.3.1.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, November 15, 2019
Next
Cyware Daily Threat Intelligence, November 13, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.