Go to listing page

Cyware Daily Threat Intelligence, October 15, 2019

Cyware Daily Threat Intelligence, October 15, 2019

Share Blog Post

Legacy software can increase the scope of cyberattacks. New research has revealed that nearly 61 mobile operators across 29 countries are using an outdated software named S@T Browser which is vulnerable to Simjacker attack. Attackers can exploit the technology to compromise targeted mobile phones and spy on victims without their knowledge.

The past 24 hours also saw researchers uncovering a new arsenal of the China-based Winnti group. The group was found using a new backdoor malware named PortReuse to infect servers of a high-profile Asian mobile hardware and software manufacturer.

Emotet trojan also made a comeback in a new campaign in the past 24 hours. The campaign leveraged a phishing email that claimed to deliver a ‘SOC weekly report’ in the form of a Microsoft Word document.

Top Breaches Reported in the Last 24 Hours

Pitney Bowes attacked
Shipping giant Pitney Bowes disclosed that information on some of its systems was encrypted following a malware attack. The company's mailing system products and online accounting reports were affected by the incident. This has caused disruption to its client services and other corporate processes. However, there is no evidence that customer or employee data was improperly accessed.

M6 Group hit by ransomware
France-based M6 Group had fallen victim to a ransomware attack over the weekend. The firm had managed to contain the infection with the help of its cybersecurity staff, preventing any downtime for any of its ten TV channels, radio stations, and film studios. However, its phone lines and email servers continue to remain down due to the attack.

Top Malware Reported in the Last 24 Hours

Winnti group returns
Winnti Group is back with a new modular Windows backdoor malware. Dubbed as PortReuse, the malware is used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Experts have detected multiple variants of the backdoor, each of them targeting different ports and services including DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Emotet is back
A new phishing email campaign that claims to deliver a ‘SOC weekly report’ is delivering the infamous Emotet trojan. The email includes a well-obfuscated Microsoft Word document which if opened, enables malicious macros embedded in it. These macros ultimately initiate the download and installation of Emotet.

Top Vulnerabilities Reported in the Last 24 Hours

Simjacker vulnerability
A new form of vulnerability named Simjacker in SIM cards can allow remote attackers to compromise targeted mobile phones and spy on victims without their knowledge. The vulnerability actually arises due to a legacy technology called S@T Browser. The technology is widely used by at least 61 mobile operators operating in 29 different countries.

Sudo utility flaw
Linux users have been urged to update the sudo package to the latest versions in order to address a security bypass issue. The flaw tracked as CVE-2019-14287 can be exploited by attackers or a malicious program to execute arbitrary commands as root on a targeted Linux system.

Bug found in Samsung Galaxy S10
A bug in Samsung Galaxy S10 allows bypassing the fingerprint reader to unlock the phone regardless of the biometric data registered in the device. Though any fingerprint can be used to register in the biometric settings of the device, the phone unlocks no matter what finger is used for the process.

 Tags

security bypass issue
m6 group
simjacker attack
pitney bowes
winnti group

Posted on: October 15, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite