Cyware Daily Threat Intelligence, November 17, 2020


The past 24 hours underscored the heavy impact of security threats on enterprises and governments. While some organizations suffered data breaches, others were found to contain critical vulnerabilities just waiting to be exploited. FunnyDream, a Chinese APT campaign operating since 2018, was discovered to be targeting government sector victims in Southeast Asia. The tactics, techniques, and procedures used by the group were found to be highly sophisticated and effective.

In a shocking revelation, an ElasticSearch database left exposed by attackers uncovered an attack campaign that compromised the Facebook accounts of at least 100,000 victims. Meanwhile, API bugs were discovered in Amazon Web Services (AWS) that put several of its services under potential threat. The issue arises because the AWS backend proactively validates every resource-based policy, including the principals it references.

Top Breaches Reported in the Last 24 Hours

Bug in Bumble
An API bug in Bumble potentially leaked the personal information of around 100 million users. The impacted information included astrological signs, political leanings, education, height and weight, and distance away in miles.

Cyberattack hits Americold
Cold storage giant Americold was hit by a cyberattack affecting its operations, including order fulfillment, inventory management, and phone and email systems. The company immediately shut down its operations to contain the attack. A ransomware attack is suspected, although Americold has not disclosed any details.

Exposed ElasticSearch database
An ElasticSearch database left exposed by attackers revealed an attack that compromised the Facebook accounts of at least 100,000 victims. In this global campaign, the threat actors stole the victims' login credentials and used the accounts to post spam comments that redirected people to various scam websites. These websites all led to a fake Bitcoin trading platform.

Top Malware Reported in the Last 24 Hours

Malsmoke Zloader attack
As part of the Malsmoke campaign, threat actors are luring adult website visitors through malvertising attacks that redirect them to malicious websites. A fake Java update pops up on the website, and clicking the update button downloads the Zloader banking malware.

Chinese cyberespionage attack
A targeted cyberespionage attack on government sector victims in Southeast Asia was revealed and is believed to have been in operation since 2018. The malware tools used by the Chinese APT actors, including the Chinoxy backdoor, the PcShare RAT, and FunnyDream backdoor binaries, were found to be highly sophisticated.

Top Vulnerabilities Reported in the Last 24 Hours

Citrix SD-WAN bug
Three security bugs found in the Citrix SD-WAN platform could allow RCE and network takeover. The bugs comprise an unauthenticated path traversal and shell injection problem in stop_ping (CVE-2020-8271); a ConfigEditor authentication bypass (CVE-2020-8272); and a CreateAzureDeployment shell injection issue (CVE-2020-8273).

Critical RCE flaw in CSM
A researcher publicly disclosed PoC code for 12 vulnerabilities impacting the web interface of the Cisco Security Manager (CSM). These bugs allow an unauthenticated attacker to achieve remote code execution. The vulnerability arises due to improper validation of directory traversal character sequences within requests to an affected device, stated Cisco in its advisory.

AWS APIs leak user information
Unit 42 researchers spotted 22 Amazon Web Services (AWS) APIs across 16 different AWS services that can be exploited to reveal the AWS Identity and Access Management (IAM) users and roles present in arbitrary accounts. The services under potential threat include Amazon Simple Queue Service, Amazon Simple Storage Service, and Amazon Key Management Service.


Posted on: November 17, 2020
