Cyware Daily Threat Intelligence, October 22, 2020


Cybersecurity threats continue to evolve as threat actors release a steady stream of new malware. In the past 24 hours, security researchers came across three new malware families with enhanced capabilities: the Cliptomaner miner, T-RAT, and the KashmirBlack botnet. While Cliptomaner and KashmirBlack have been found to be used extensively to mine cryptocurrencies, T-RAT’s capabilities include stealing passwords and cookies, deploying a keylogger, recording audio, taking screenshots, and retrieving clipboard contents.

The past 24 hours also saw Oracle releasing 402 patches as part of the Critical Patch Update for vulnerabilities found across its products. Over 80 of these flaws are classified as ‘Critical’ and have CVSS scores of 9.8.

Top Breaches Reported in the Last 24 Hours

MAXEX exposes data
Atlanta-based MAXEX exposed its software development platform, leaking mortgage applications and academic transcripts. Other leaked data included confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and reports from penetration tests.

Scalable Capital’s data leak
Scalable Capital has fallen victim to a data leak, affecting the data of around 20,000 clients. The breached data includes contact information, securities accounts, tax identification numbers, accounts with other banks, and ID details.

Top Malware Reported in the Last 24 Hours

New Cliptomaner miner
Cliptomaner is a miner first detected in September 2020. Similar to XMRig, the malware is capable of substituting cryptocurrency wallet addresses in the clipboard. It is distributed under the guise of software for Realtek audio equipment.

Variants of PowGoop downloader
Researchers have discovered variants of a new downloader, named PowGoop, in a cyberespionage attack launched by the MuddyWater threat actor group. The attack is carried out against government agencies in the Middle East region. The malware downloader is a part of MuddyWater’s suite of custom tools for compromising targets and extending their infiltration into networks.

KashmirBlack botnet
A new botnet called KashmirBlack has compromised hundreds of thousands of machines in order to mine cryptocurrencies, deface sites, and send spam email. The botnet uses DevOps techniques to drive agility and ensure that new payloads and exploits can be added fairly easily.

New T-RAT malware
Security researchers have discovered a new remote access trojan named T-RAT being sold on Russian-speaking underground forums for $45. The trojan’s distinguishing feature is that infected computers are controlled via a Telegram channel. The RAT can also be used to steal passwords and cookies, deploy a keylogger, record audio, take screenshots, and retrieve clipboard contents.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle issues 402 security patches
Oracle has issued 402 security patches for vulnerabilities impacting its products. More than half of the 402 new security patches included in this month’s CPU can be exploited remotely without authentication. Over 80 of the patches addressed critical-severity bugs, most of them with CVSS scores of 9.8.

QNAP issues advisory
QNAP has issued an advisory to warn customers that certain versions of QTS are affected by the Zerologon vulnerability. The flaw exists in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and has been addressed in the August 2020 Patch Tuesday.
 
Cisco patches 17 vulnerabilities
Cisco has released patches for 17 high-severity vulnerabilities found in Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). The flaws can be exploited remotely without authentication, bypass FMC authentication, cause a DoS condition, bypass the secure boot mechanism, and execute commands with root privileges.

Loginizer plugin receives an update
Loginizer, a popular WordPress plugin, has received an update following the discovery of a severe vulnerability. The flaw could have allowed cybercriminals to completely compromise WordPress sites, and it can be exploited with a carefully crafted username.

Vulnerable WAGO controllers
Nearly 41 vulnerabilities discovered in WAGO’s PFC200 and PFC100 controllers have been fixed with the release of a firmware update. The flaws could allow attackers to gain root privileges on the device.

Vulnerable Lightning Network
The team behind Lightning Network has published extensive details on the vulnerabilities discovered in the cryptocurrency protocol and its software implementations. Attackers can exploit these flaws to launch DoS attacks and to disrupt cryptocurrency transactions between two parties.

Top Scams Reported in the Last 24 Hours

Marks & Spencer spoofed
Scammers are impersonating Steve Rowe, the CEO of Marks & Spencer, in an attempt to trick users into sharing their bank account details. The scammers are posting fraudulent online adverts that promise victims the chance to win a gift voucher as part of a fictitious prize draw promotion. These fake ads are uploaded on Facebook from an unverified page titled ‘Marks & Spencer Store’.

Tags

scalable capital
kashmirblack botnet
t rat
cliptomaner miner
powgoop downloader
maxex

Posted on: October 22, 2020
