
Cyware Daily Threat Intelligence, October 10, 2019


It’s time to install the update for a critical remote code execution vulnerability in the iTerm2 terminal app for macOS. The flaw, which went unnoticed for seven years, was discovered during a security audit funded by Mozilla Open Source Support. It resides in the tmux integration feature of iTerm2 and could be abused to execute arbitrary commands on a user’s machine.

In another major security update, Intel and Nvidia have issued security advisories for a total of four flaws affecting their Next Unit of Computing (NUC) and Shield TV products respectively. These flaws could lead to remote code execution, denial of service, escalation of privileges, and information disclosure.

A new cyberespionage campaign targeting Russian-speaking users in Eastern Europe has also been observed in the past 24 hours. The campaign leverages an advanced malware strain, Attor, to spy on diplomats and government institutions.

Top Breaches Reported in the Last 24 Hours

Medical records exposed
Community-based healthcare system Methodist Hospitals of Gary, Indiana, has disclosed a security breach that occurred in the first half of 2019. The incident affected the personal and medical information of 68,039 individuals and followed successful phishing attacks against two of its employees. The information exposed in the breach includes patients’ names, addresses, health insurance numbers, social security numbers, passport numbers, and medical treatment information. It also includes financial account numbers, payment card information, and electronic signatures of individuals.

Top Malware Reported in the Last 24 Hours

Attor malware
An advanced malware strain named Attor has been found spying on diplomats and high-profile Russian-speaking users in Eastern Europe. The malware uses a highly modularized architecture built around a central component called a dispatcher. Its capabilities are implemented in plugins, which provide features such as network communication and the fingerprinting of GSM devices.

New malicious apps
Security experts have uncovered several new versions of potentially dangerous applications designed to spy on users. The newly discovered spyware families are Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor. They enable attackers to monitor text messages, phone calls, and instant messages, track location, and collect confidential information.

NSA issues a notice
Following the NCSC, the NSA has now released a notice about multiple state-sponsored cyberespionage groups exploiting enterprise VPN flaws. The flaws exist in VPN products from Fortinet, Palo Alto Networks, and Pulse Secure. Organizations are urged to apply the vendors’ security updates to address the issue.

Top Vulnerabilities Reported in the Last 24 Hours

iTunes' flaw abused
The operators of the BitPaymer ransomware have been spotted using a zero-day in iTunes for Windows to bypass antivirus detection on infected hosts. The vulnerability in question is an ‘Unquoted Service Path’ weakness and actually resides in the Bonjour updater component bundled with the product. Apple has released a security patch for the flaw.
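A defender-side audit for the ‘Unquoted Service Path’ weakness class mentioned above, as an added example that is not from the Cyware post, from Apple, or from the Bonjour code: the service names and ImagePath strings below are constructed, and on a real Windows host the same strings come from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath or from Get-CimInstance Win32_Service.

```python
import re

# Constructed sample of service name -> ImagePath, standing in for what a
# real host reports (HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath
# or Get-CimInstance Win32_Service). Names and paths are illustrative only.
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\updater.exe",
    "QuotedUpdater": r'"C:\Program Files\Example Vendor\updater.exe"',
    "NetSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "AgentWithArgs": r"C:\Tools\agent.exe --config C:\Program Files\agent\a.cfg",
}


def executable_part(image_path: str) -> str:
    """Portion of an ImagePath that the service control manager must resolve
    as the executable: up to and including the first '.exe', or the whole
    string when there is no '.exe'."""
    m = re.search(r"\.exe\b", image_path, flags=re.IGNORECASE)
    return image_path[: m.end()] if m else image_path


def is_unquoted_with_spaces(image_path: str) -> bool:
    """True when the path is not wrapped in double quotes and the executable
    portion contains a space. Quoted paths are resolved unambiguously, and
    spaces that only appear in the argument list are harmless."""
    p = image_path.strip()
    if not p or p.startswith('"'):
        return False
    return " " in executable_part(p)


def search_candidates(image_path: str) -> list:
    """Truncated names Windows tries before the intended binary, e.g.
    C:\\Program.exe and then C:\\Program Files\\Vendor.exe. Their parent
    directories are what a defender checks for write access by unprivileged
    users, which is what decides whether the weakness is exploitable."""
    parts = executable_part(image_path.strip()).split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services: dict) -> dict:
    """Map each flagged service name to the candidate paths to verify."""
    return {
        name: search_candidates(path)
        for name, path in services.items()
        if is_unquoted_with_spaces(path)
    }


if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; verify ACLs for {candidates}")
```

Fixing a flagged service means quoting its ImagePath; the candidate list only tells you which directories to inspect for loose permissions in the meantime.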

Justdial flaw affects 156 million accounts
A security bug in Justdial could allow hackers to log into any of its 156 million users’ accounts. This could enable criminals to access information such as users’ names, phone numbers, email addresses, financial details, and transactions. The flaw existed in the site’s Register API used for sign-ups. Justdial has fixed the flaw since its discovery.

Flawed Intel and Nvidia
The Intel NUC mini-PC kit and the Nvidia Shield TV are each vulnerable to two high-severity flaws. These flaws could enable code execution, denial of service, escalation of privileges, and information disclosure. The flaws affecting the Nvidia Shield TV have a CVSS score of 7.6, while the two flaws affecting the Intel NUC have scored 7.5 on the CVSS scale.

RCE flaw in iTerm2
A seven-year-old critical remote code execution vulnerability has been discovered in the GPL-licensed iTerm2 macOS terminal emulator app. The flaw, tracked as CVE-2019-9535, resides in the tmux integration feature of iTerm2. An attacker could exploit it to execute arbitrary commands by providing malicious output to the terminal.

vBulletin addresses flaws
vBulletin has published a new security patch update to address three high-severity flaws. The vulnerabilities could be exploited by remote attackers to take complete control of targeted web servers and steal sensitive user information. The flaws affect vBulletin versions prior to 5.5.4.


Posted on: October 10, 2019
