Cyware Daily Threat Intelligence, September 11, 2020


Vulnerable plugins can pose a serious threat as they can be abused to deliver malware or steal sensitive information from websites. In a new discovery, researchers have uncovered that threat actors are actively exploiting a critical remote code execution vulnerability in the File Manager plugin that runs on over 600,000 WordPress sites. The flaw can allow unauthenticated attackers to execute arbitrary code on sites.

Ransomware attacks on several organizations also grabbed headlines in the last 24 hours. The major ones included attacks on companies and hospitals in Thailand. The data center giant Equinix was also targeted by NetWalker ransomware attackers, who demanded a ransom of $4.5 million to prevent the leak of stolen data.

Top Breaches Reported in the Last 24 Hours

Equinix hit
Data center giant Equinix has been hit by NetWalker ransomware, with the attackers demanding a ransom of $4.5 million for a decryptor and to prevent the release of stolen data. Some of the files stolen from the firm include data related to finance, payroll, accounting, audits, and data center reports.

Razer’s data leak incident
A misconfigured Elasticsearch database at Razer potentially affected the personal data of an estimated 100,000 customers. The exposed data included full names, email addresses, phone numbers, customer internal IDs, order numbers, order details, and billing and shipping addresses of users. The database was secured after the firm was made aware of the incident.

SoftServe attacked
SoftServe was attacked by ransomware on September 1. This led to a potential theft of its customers’ source code. To prevent the further spread of the attack, the IT service provider immediately disconnected its clients’ networks.

Maze ransomware attack
The Maze ransomware gang has successfully targeted Fairfax County Public Schools in Virginia. As proof of the attack, the attackers have uploaded a zip file containing 2% of the stolen data.

Thai hospitals and companies attacked
Several hospitals and companies in Thailand were hit in a series of ransomware attacks that affected their computer systems. Some of these companies paid the demanded ransom in order to restore their systems.

Top Malware Reported in the Last 24 Hours

Adult-themed websites abused
A cybercrime group, named Malsmoke, has been found placing malicious ads on adult-themed websites to redirect users to exploit kits and infect them with malware. The exploit kits leverage the vulnerabilities in Adobe Flash Player and Internet Explorer to install malware such as Smoke Loader, Raccoon Stealer, and ZLoader.

Top Vulnerabilities Reported in the Last 24 Hours

File Manager flaw exploited
In a new report, researchers have found that threat actors are actively exploiting a critical code execution flaw in the File Manager plugin that runs on over 600,000 WordPress sites. The flaw can allow unauthenticated attackers to execute arbitrary code on vulnerable sites. The administrators of WordPress sites are urged to update the plugin to the latest version to prevent attacks.

Top Scams Reported in the Last 24 Hours

Phishing attack
Threat actors have come up with a clever technique to steal Office 365 login credentials. The phishing attack, which is aimed at a senior executive of an American company, also performs verification of submitted credentials in real-time to make sure that they get valid credentials from the company’s Active Directory. It is carried out through phishing emails that include an attachment referring to an internal financial report. Opening the attachment results in the launch of a web page that looks like the Office 365 login page.



Posted on: September 11, 2020
