Cyware Daily Threat Intelligence, October 21, 2020

Share Blog Post

Following the recent takedown operation, it looks like TrickBot operators are struggling to reinstate their servers. In a new discovery, researchers found that a list of control servers included in the configuration files have failed to respond to TrickBot’s requests. The incident came to light on October 19, wherein Emotet was used to distribute TrickBot. Despite the major fail, researchers claim that there are still a number of controllers based in Brazil, Colombia, Indonesia, and Kyrgyzstan that respond to TrickBot.

In other news, the NSA has issued an advisory about the top 25 vulnerabilities exploited by Chinese hackers. One of them is a flaw affecting multiple carrier-grade routers that run the Cisco IOS XR software.

Google released Chrome version 86.0.4240.111 with a patch for an actively exploited zero-day memory corruption vulnerability. According to researchers, a threat actor was spotted abusing the bug to mount attacks against Chrome users.

Top Breaches Reported in the Last 24 Hours

Pfizer leaks data
Pharma giant Pfizer had left the private medical data of users exposed on the internet for several months due to an unprotected Google Cloud storage bucket. The data, which dated back to October 2018, included full names, home addresses, email addresses, phone numbers, and medical status of users. The bucket was secured on September 23.

Public transport system affected
Montreal's Société de transport de Montréal (STM) public transport system was hit in a RansomEXX ransomware attack on October 19, which impacted its services and online systems. While these outages did not affect the operation of buses or metro systems, people with disabilities relying on the online registration system for paratransit service were impacted.

TPS affected
Cybercriminals have exfiltrated and published nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS). The information leaked includes names, addresses, dates of birth, phone numbers, and social security numbers.

Top Malware Reported in the Last 24 Hours

Update on TrickBot’s return
Control servers included in the configuration file of new TrickBot samples fail to respond to bot requests, according to researchers. The incident was observed while analyzing an attack campaign in which Emotet was used to distribute TrickBot. Despite this, researchers claim that there are still a number of working controllers based in Brazil, Colombia, Indonesia, and Kyrgyzstan that respond to TrickBot requests.

Top Vulnerabilities Reported in the Last 24 Hours

VMware releases patches
VMware has issued patches for six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products. The most severe of these is a use-after-free vulnerability in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host.

Chrome version 86.0.4240.111 released
Google has released Chrome version 86.0.4240.111 with a patch for an actively exploited zero-day vulnerability. The zero-day, tracked as CVE-2020-15999, is described as a memory corruption bug. It exists in the FreeType font rendering library that’s included with standard Chrome distributions.

Cisco issues a warning
Cisco has issued a warning about the active exploitation of a high-severity vulnerability, CVE-2020-3118. It affects multiple carrier-grade routers that run the company’s Cisco IOS XR software. The U.S National Security Agency (NSA) has also included the flaw among the top 25 security vulnerabilities currently targeted by Chinese state-sponsored threat actors.

Adobe releases another update
Adobe has issued a second out-of-band security update to patch critical vulnerabilities across numerous software products. The impacted products include Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, and InDesign.

 Tags

pfizer inc
trickbot malware
emotet
vmware
toledo public schools tps
cisco ios xr software

Posted on: October 21, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!