Cyware Daily Threat Intelligence, October 14, 2020

TrickBot has survived the takedown attempt! It has been found that the trojan operators have replaced the seized C2 servers and domains with new infrastructure. Researchers anticipate that the operators will attempt to revive their operations soon.

There has also been a discovery of a new framework named SolarSys. Built to distribute trojans, the framework is composed of JavaScript backdoors, mail worms, and multiple spy modules. It is being actively used in Brazil.

In other news, Microsoft has issued patches for 87 security vulnerabilities as part of October 2020 Patch Tuesday. The affected products include Windows, Office, Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

Top Breaches Reported in the Last 24 Hours

teamDigital exposes data
teamDigital had exposed a trove of clients’ data due to misconfigured environment files. The leaked data included MastercardNexus Twitter API keys, a MySQL database username and plaintext password, and other data related to Mastercard.

Top Malware Reported in the Last 24 Hours

TrickBot returns
Days after the takedown of its backend infrastructure, the TrickBot trojan is back in the picture, having replaced the seized C2 servers and domains with new ones. The takedown attempt was carried out as a collaborative action by researchers from Microsoft, Symantec, ESET, and others.

New malware framework
Researchers have detected a new malware framework, named SolarSys, being actively used in Brazil. The framework, primarily used to distribute trojans, is composed of JavaScript backdoors, mail worms, and multiple spy modules. It uses dozens of dynamic domain names as C2 server addresses, in addition to a domain generation algorithm (DGA) that produces domain names randomly.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 87 flaws
Microsoft has rolled out patches for 87 security vulnerabilities, out of which 11 are critical. The patches are for flaws affecting Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

Adobe patches a flaw
Adobe has patched a critical arbitrary code execution vulnerability in its Flash Player. Tracked as CVE-2020-9746, the vulnerability can lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.

Google publishes details of a flaw
Google has published details about a high-severity flaw affecting the Bluetooth stack in Linux kernel versions below 5.9 that support BlueZ. Tracked as CVE-2020-12351, the flaw could allow an unauthenticated user to escalate privileges.

Cisco Talos releases advisories
Cisco Talos has released the details of several remotely exploitable DoS vulnerabilities in the Allen-Bradley adapter manufactured by Rockwell Automation. A remote, unauthenticated attacker can exploit these flaws by sending specially crafted packets.

Foxit issues patches
Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS versions of its PhantomPDF application. One of these flaws could result in code injection or information disclosure. Two of these vulnerabilities are considered medium risk.

Top Scams Reported in the Last 24 Hours

Canva abused for phishing
The Canva design platform is being actively abused by threat actors to redirect users to fake login forms. The spam email pretends to be a SharePoint eFax delivery notification and includes a phishing link hosted on canva.com. Clicking on the link takes the victim to the final phishing landing page, where they are prompted to log in to see the document.

Tags

trickbot malware
teamdigital
solarsys
javascript backdoors
canva design platform
cisco talos

Posted on: October 14, 2020
