
Cyware Daily Threat Intelligence, September 11, 2019


With threat actors constantly looking for vulnerabilities in products, organizations and individuals should stay alert and apply security patches promptly. As part of September 2019 Patch Tuesday, Microsoft and Adobe have released a series of security updates to patch a wide range of vulnerabilities affecting their products. While Microsoft has fixed a total of 79 vulnerabilities affecting 15 of its products, Adobe has issued patches for three security flaws impacting two products.

While security vendors are issuing a flood of patches, a new vulnerability called NetCAT has been uncovered by researchers in the past 24 hours. The vulnerability affects all Intel chips that support the Data-Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA) features.

In malware attacks, the notorious LokiBot trojan has made a comeback in a new malspam campaign targeting a large U.S. manufacturing company. The malware is distributed via phishing emails that appear to come from a trusted vendor. Once installed, the malware is capable of stealing a variety of credentials, including FTP passwords, stored email passwords, and passwords stored in the browser.

Top Breaches Reported in the Last 24 Hours

UNICEF leaks personal info
UNICEF inadvertently leaked the personal information of 8,253 users on August 26, 2019. The affected users were those who accessed the online learning portal Agora. The exposed information included the names, email addresses, duty stations, gender, organizations, name of supervisor, and contract type of the individuals.

Schools attacked
The Souderton Area School District and Wakulla County School District have fallen victim to ransomware attacks. The ransomware encrypted computer files and holds them hostage until the owner pays a ransom.

Top Malware Reported in the Last 24 Hours

LokiBot trojan
A malspam campaign distributing the LokiBot information stealer has been discovered recently. The malware is propagated through phishing messages to target employees of a large U.S. manufacturing company. Once installed on a victim’s machine, LokiBot can harvest a variety of information such as FTP credentials, stored email passwords, passwords stored in the browser as well as a whole host of other credentials.

New Purple Fox fileless downloader
A new variant of the Purple Fox fileless downloader malware has been found to be delivered via the RIG exploit kit. It adds additional exploits to its infection chain to ensure that it can still infect the system. Besides retrieving and executing cryptocurrency-mining threats, Purple Fox can also deliver other kinds of malware.

Cobalt Dickens targets 60 universities
The Iran-linked hacking group Cobalt Dickens has been found stealing login credentials from over 60 universities in the United States, the United Kingdom, Australia, Canada, Hong Kong, and Switzerland. The campaign tries to redirect victims to spoofed login pages.

Top Vulnerabilities Reported in the Last 24 Hours

NetCAT vulnerability
NetCAT (Network Cache ATtack) is a newly discovered vulnerability that affects all Intel chips which support the Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA) features. Attackers can abuse the vulnerability to steal keystrokes from an active SSH session.

Vulnerable Verizon Wireless systems
A number of vulnerabilities discovered in Verizon Wireless systems could have been exploited by hackers to gain access to 2 million customer contracts. The exposed contracts contained information such as full name, address, phone number, the model and serial number of the acquired device, and the customer’s signature.

Microsoft’s Patch Tuesday
Microsoft has patched 79 vulnerabilities across 15 of its products as a part of September 2019 Patch Tuesday. The affected products include Microsoft Windows, Internet Explorer, ChakraCore, .NET Framework, .NET Core, ASP.NET, Team Foundation Server and Project Rome. Two of these vulnerabilities are zero-day vulnerabilities and have been tracked as CVE-2019-1214 and CVE-2019-1215.

Adobe releases updates
Adobe’s September 2019 Patch Tuesday update has addressed two code execution bugs in Flash Player. In addition, a DLL hijacking flaw in the Application Manager has also been fixed by the firm. The two code execution flaws are tracked as CVE-2019-8070 and CVE-2019-8069, and the DLL hijacking vulnerability as CVE-2019-8976.

Bugs in D-Link and Comba Telecom
Networking gear from D-Link and Comba Telecom is impacted by multiple vulnerabilities. These flaws can allow attackers to retrieve sensitive information such as ISP credentials and device access passwords without authentication. The affected products are the DSL-2875AL, DSL-2877AL, AC2400 WiFi access controller, and the AP2600-I-A02 and AP2600 indoor access points.


Posted on: September 11, 2019
