Cyware Daily Threat Intelligence, November 24, 2020

WordPress is the most widely used web framework, both for business websites and for personal blogs. Unfortunately, this popularity attracts the attention of bad actors as well. In a newly discovered attack campaign, researchers have found threat actors targeting vulnerable WordPress sites in a bid to hijack original sites’ search engine ranking and promote online scams.

A new malware family called WAPDropper has also been found stealthily targeting Android phone users in Thailand and Malaysia to subscribe them to premium services. Currently active in the wild, the malware is distributed via malicious apps hosted on third-party app stores.

Top Breaches Reported in the Last 24 Hours

Baidu apps leak sensitive data
A pair of Baidu apps on the Google Play Store - Baidu Search Box and Baidu Maps - was recently leaking users’ sensitive data that could be used to track users’ location. The applications had left approximately 6 million users’ data exposed, following which they were removed by Google immediately.

Peatix’s data leak incident
A data leak incident at Peatix has affected the data of more than 4.2 million registered users. The data has been leaked by a hacker through ads posted via Instagram stories, on Telegram channels, and on different hacking forums. The leaked data includes full names, usernames, emails, and salted and hashed passwords.

Corcoran Group exposes data
The Corcoran Group secured a database that was responsible for exposing a total of 30.7 million files on the Internet. The exposed files were related to property owners and included their physical addresses, names, and other details. The database was publicly accessible for nearly four months before it was secured.

Ransomware targets tax files
Ransomware gangs are targeting tax software files in an attempt to harvest highly sensitive data. Some of the ransomware involved in these attacks are Mount Locker and LockBit.

LSU affected
Data of thousands of patients was exposed following a cyber attack on Louisiana State University medical centers. The incident occurred due to an intrusion into an employee’s email mailbox on September 15.

Top Malware Reported in the Last 24 Hours

New WAPDropper malware
A new malware family called WAPDropper has been found stealthily targeting mobile phone users to subscribe them to premium services. The multi-function dropper is delivered as second-stage malware and uses a machine learning solution to bypass image-based CAPTCHA challenges.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases an out-of-band patch
Microsoft has released an out-of-band patch for Windows to address authentication issues related to a recently patched Kerberos vulnerability. The issue (CVE-2020-17049) is related to the PerformTicketSignature registry subkey value in the Kerberos Key Distribution Center (KDC).

Faulty smart doorbells
Around a dozen smart doorbells are affected by high-risk vulnerabilities that can allow threat actors to gain unauthorized access to owners’ names, passwords, photos, emails, and locations. According to the research, the issues are related to the hardware, associated applications, and servers used to transfer data.

Hacking WordPress sites
A new cybercrime gang has been found taking over vulnerable WordPress sites to install malicious e-commerce stores with the purpose of hijacking original sites’ search engine ranking and promoting online scams. To accomplish this, the attackers are leveraging brute force attacks to gain access to the sites’ admin accounts.

VMware releases temporary workarounds
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by attackers to take control of affected systems. The flaw, tracked as CVE-2020-4006, is a command injection vulnerability which scores 9.1 on the CVSS scale. It impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

Posted on: November 24, 2020
