Go to listing page

Cyware Daily Threat Intelligence, October 09, 2019

Cyware Daily Threat Intelligence, October 09, 2019

Share Blog Post

Applying security patches to operating systems, devices and applications on time is critical to ensure the security of systems. In the latest Patch Tuesday update, Microsoft and Google have rolled out a series of security updates to address vulnerabilities found in multiple products. While Microsoft has fixed a total of 59 flaws affecting its Chakra scripting engine, Internet Explorer, Windows, Edge, Office, and Azure, Google has issued patches for three critical-severity vulnerabilities in the Media framework of its Android operating system.

A new instance of researchers foiling a massive malspam campaign has also come to light in the past 24 hours. The campaign was carried out during early July and targeted roughly 100 organizations in several countries. The purpose of the campaign was to spread the LokiBot trojan and steal sensitive information. The attackers leveraged a remote code execution vulnerability in the Microsoft Office Equation Editor component to launch the attack.

Top Breaches Reported in the Last 24 Hours

Volusion breached
Cybercriminals have breached the infrastructure of Volusion to impact more than 6,500 online stores. Sesame Street Live online store is highly impacted by the breach that has been carried out to steal payment details of users through malicious code. The incident is similar to a Magecart attack or web card skimming attack.

Over 957,000 records exposed
An unprotected database belonging to Freedom Healthcare Staffing had left more than 957,000 records exposed on the internet for one year. The exposed data included intimate details of employees like marital status and various internal communication records. IP addresses, ports, pathways, storage data, job seeker and recruiter data were among the other data compromised.

Medical center attacked
Cancer Treatment Centers of America at Southeastern Regional Medical Center in Atlanta is notifying 3,290 patients about a phishing attack that took place in July 2019. The incident took place after an employee fell victim to a phishing email. This gave hackers unauthorized access to the personal details of patients.

Top Malware Reported in the Last 24 Hours

Malspam campaign
Roughly 100 organizations across the world were targeted in a large scale spear-phishing attack during early July. The campaign was used to distribute LokiBot information stealing trojan. The targeted organization included companies from the UAE, Germany, and Portugal. The attackers used specially-tailored content to target organizations. They also leveraged a remote code execution vulnerability in the Microsoft Office Equation Editor component to launch the malware successfully. However, the Microsoft Defender APT team foiled the attack in its early stages.

Security alert issued
France’s cybersecurity agency has published an alert about cyberespionage campaigns targeting the infrastructure of service providers and engineering firms. The agency has compiled the report with information from recent ANSSI investigations following incident response activities. The report includes information about coordinated Chinese attacks, large-scale phishing attacks, and credential gathering campaigns.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 59 bugs
Microsoft Corporation has released security updates for 59 vulnerabilities found across its multiple products. Nine of these flaws are rated ‘Critical’. The security flaws affect Microsoft’s Chakra scripting engine, Internet Explorer, Windows, Edge, Office, and Azure. The critical flaws are CVE-2019-1366, CVE-2019-1307, CVE-2019-1308 and CVE-2019-1335, CVE-2019-1238 and CVE-2019-1239, CVE-2019-1333, CVE-2019-1060, and CVE-2019-1372.

Google issues patches
Google has issued fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system. The flaws could be exploited to execute malicious code on victims’ devices. The three flaws are CVE-2019-2184, CVE-2019-2185, and CVE-2019-2186.

SAP fixes eight issues
SAP has fixed eight CVE-listed flaws as a part of this month’s Patch Tuesday. Amongst these, CVE-2019-0379 and CVE-2019-0380 are the most serious bugs. While the former is a security bypass bug in NetWeaver, the latter is an information Disclosure bug in SAP Landscape Management.

Samsung rolls out updates
Samsung has warned its users about 21 critical security vulnerabilities that affect its Galaxy and Note devices. Out of these, 17 vulnerabilities are related to Samsung One UI and four of them are related to Android. Three out of 21 have been rated as ‘High’. The vulnerabilities affect Samsung Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 9, Note 10, and Note 10 Plus.

Vulnerable TwinCAT
Beckhoff’s TwinCAT system is affected by a couple of vulnerabilities that could lead to denial-of-service (DoS) attacks. One of the flaws is tracked as CVE-2019-5637 which arises when TwinCAT is configured to use a Profinet driver. Some of the other flaws are CVE-2019-5636, CVE-2019-5636 and CVE-2019-5637.

Top Scams Reported in the Last 24 Hours

Fake Amazon AWS suspension notice
A phishing campaign that pretends to be an Amazon AWS suspension notice for unpaid bills in tricking many users. The campaign is carried out through an email that goes with a subject line of "Your service has now been suspended". It asks the recipients to pay an overdue amount of $4.95 by clicking on a link attached to the email. Once clicked, the recipients are taken to a fake Amazon AWS login page located at a site whose URL starts with aws.amazon.com. The page has been designed to steal users’ login credentials.

 Tags

malspam campaign
microsoft 365
twincat
fake amazon aws
credential stuffing

Posted on: October 09, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite