Cyware Daily Threat Intelligence, October 30, 2020


Another day, another new attack campaign around mass exploitation of vulnerabilities. This time, threat actors targeted vulnerabilities in Google Chrome and Internet Explorer to install two new backdoors as part of a cyberespionage campaign dubbed Operation Earth Kitsune. The two new backdoors, dneSpy and agfSpy, can exfiltrate system information and give the attackers additional control over the compromised machine.

Meanwhile, Microsoft issued a new advisory on the active exploitation of the Zerologon flaw. It urged firms to patch their Windows systems with the latest updates to prevent attacks. 

Top Breaches Reported in the Last 24 Hours

Ransomware attacks
Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree. To contain the attack, Wyckoff Heights shut down portions of its network, while the University of Vermont Health Network notified the FBI about the incident.

Over 1GB of data released
The DoppelPaymer ransomware gang has released over 1GB of unencrypted data stolen from Hall County, Georgia. The attack had occurred on October 7, impacting their networks and phone systems. 

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft warns about Zerologon
Threat actors continue to exploit the Zerologon vulnerability, according to Microsoft. The company has therefore renewed its advisory, urging businesses to update their Windows systems. The flaw, tracked as CVE-2020-1472, can allow an attacker to spoof a domain controller account and then use it to steal domain credentials and take over the domain.

Browser vulnerabilities exploited
Vulnerabilities affecting Google Chrome (CVE-2019-5782) and Internet Explorer (CVE-2020-0674) were exploited in the ‘Operation Earth Kitsune’ cyberespionage campaign to deploy backdoors—dneSpy and agfSpy. The attacks were observed during the months of March, May, and September.  

NVIDIA releases a patch
NVIDIA has released a patch for a critical bug in its high-performance line of DGX servers. The flaw, tracked as CVE-2020-11487, opens the door for a remote attacker to take control of, and access sensitive data on, systems typically operated by governments and Fortune 100 companies.

Vulnerable OpenEMR
Several vulnerabilities found in the OpenEMR software could be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. The flaws affected OpenEMR 5.0.2.1. 

Tags

openemr
zerologon
operation earth kitsune
nvidia
dnespy

Posted on: October 30, 2020
