Cyware Daily Threat Intelligence, September 04, 2019


Vulnerable plugins pose a serious threat because they can be abused to deliver malware or steal sensitive information from websites. Lately, security researchers have uncovered a massive ongoing malvertising campaign targeting millions of WordPress sites. The campaign, which has been active since July 2019, is being carried out by exploiting vulnerabilities in popular plugins such as Bold Page Builder, Bold Designer, Live Chat with Facebook Messenger, and WP Live Chat Support.

The past 24 hours also witnessed the emergence of a new malware downloader and a new toolkit. While the Domen social engineering toolkit is used to display fake browser and software update alerts on compromised sites, the Ostap malware downloader uses a Microsoft Word 2007 macro-enabled document to deliver its malware payloads to victims’ machines.

Top Breaches Reported in the Last 24 Hours

Providence Health Plan data breached
Providence Health Plan is notifying as many as 122,000 health plan members that their insurance information may be at risk. The incident came to light after Dominion National notified Providence Health Plan of possible unauthorized access. Dominion National and Providence Health Plan have no evidence that any information was viewed, accessed, or misused.

Russell Stover Chocolates affected
Russell Stover Chocolates, LLC recently became aware of a data security incident that potentially affected payment cards for some customers. The incident occurred after hackers gained access to Russell Stover’s PoS systems through malware. The firm has notified law enforcement agencies about the incident.

Top Malware Reported in the Last 24 Hours

Millions of WordPress sites targeted
Cybercriminals have targeted millions of WordPress sites in a massive malvertising campaign. They have pulled off the campaign by exploiting vulnerabilities in some of the most popular plugins, such as Bold Page Builder, Bold Designer, Live Chat with Facebook Messenger, and WP Live Chat Support.

Domen toolkit
A newly discovered social engineering toolkit, Domen, has been found infecting users’ machines with malware. The toolkit is used to display fake browser and software update alerts on compromised sites. It supports the creation of alerts in 30 different languages and is designed to target both desktop and mobile users.

Ostap downloader
Threat actors are increasingly using a new malware downloader, Ostap, to deliver the Trickbot trojan. The downloader is distributed through emails as a Microsoft Word 2007 macro-enabled document containing two components: a VBA macro and JScript. The emails are themed as purchase orders, suggesting that the campaigns are intended to target businesses rather than individuals.
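The delivery mechanism described above, a Word document that carries a macro, leaves structural traces in the file itself: an OOXML document is a ZIP container, a macro-enabled one declares a macro-enabled content type in `[Content_Types].xml` and ships a `word/vbaProject.bin` part. The following added example (not code from Cyware or from any of the researchers cited here) shows how a mail-gateway or triage script can flag such attachments before a user opens them. It builds two constructed sample containers in memory, one plain and one macro-enabled, and checks both indicators. It does not parse or execute the VBA itself; the stand-in `vbaProject.bin` bytes are a labelled placeholder, not a real VBA project.

```python
import io
import zipfile

# Content types that Word assigns to macro-enabled documents and templates.
MACRO_CONTENT_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
}
PLAIN_DOC_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)
VBA_PART_SUFFIX = "vbaProject.bin"


def inspect_ooxml(data: bytes) -> dict:
    """Return macro indicators for an OOXML (.docx/.docm) byte string.

    Checks two independent signals: the presence of a vbaProject.bin part
    and a macro-enabled main content type declared in [Content_Types].xml.
    """
    result = {
        "is_zip": False,
        "has_vba_project": False,
        "macro_enabled_content_type": False,
        "parts": [],
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # Not an OOXML container (could be legacy .doc or junk)
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["parts"] = names
        result["has_vba_project"] = any(n.endswith(VBA_PART_SUFFIX) for n in names)
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["macro_enabled_content_type"] = any(
                ct in content_types for ct in MACRO_CONTENT_TYPES
            )
    return result


def is_macro_enabled(data: bytes) -> bool:
    """True if either macro indicator is present; a triage script would quarantine or flag."""
    indicators = inspect_ooxml(data)
    return indicators["has_vba_project"] or indicators["macro_enabled_content_type"]


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML container for testing (constructed sample, not a real document)."""
    main_ct = next(iter(sorted(MACRO_CONTENT_TYPES))) if macro else PLAIN_DOC_CONTENT_TYPE
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
        if macro
        else ""
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f"{vba_override}"
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for a VBA project; not a real macro.
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("plain", build_sample(False)), ("macro", build_sample(True))):
        print(label, inspect_ooxml(sample))
```

In practice a gateway would run `is_macro_enabled` over every Office attachment and route the hits to sandboxing or quarantine; purchase-order lures like the ones described are exactly the traffic such a policy catches. Checking both signals matters because a sender can rename a `.docm` to `.docx`, but the container still carries the VBA part and its content type.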

Phishing campaign
Researchers from Cofense have spotted a new phishing campaign that uses SharePoint sites to bypass secure email gateways and target banks with phishing URLs. The emails are sent from compromised accounts and ask the targets to review a legal assessor's proposal via a URL embedded in the message. The URL leads to an attacker-controlled SharePoint site.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Zyxel devices
Multiple security vulnerabilities have been discovered in various Zyxel devices. The flaws arise from the use of unauthenticated DNS requests and hardcoded FTP credentials. One of the flaws affects Zyxel security and networking devices in the USG, UAG, ATP, VPN, and NXC product lines. Updates fixing the issues were released at the end of August.

Vulnerable Epignosis eFront
Two serious vulnerabilities have been found in Epignosis eFront. The first flaw could allow an attacker to remotely execute code on the victim system, while the second exposes the victim machine to SQL injection. Epignosis has addressed both issues in eFront version 5.2.13.


Posted on: September 04, 2019
