Cyware Daily Threat Intelligence, September 13, 2019

Threat actors sometimes dish out new malware in order to stealthily launch large-scale attacks. The past 24 hours saw the emergence of two new malware strains, InnfiRAT and WiryJMPer. While InnfiRAT specializes in the theft of cryptocurrency-related data, the newly discovered WiryJMPer malware downloader is used to drop Netwire RAT.

In a major discovery, security researchers have found that some systems across the globe are still vulnerable to the well-known Heartbleed vulnerability. The flaw, which is tracked as CVE-2014-0160, exists in the OpenSSL cryptography library. It undermines the security of communication between SSL/TLS servers and clients.

Meanwhile, NETGEAR has released a firmware update to fix two DoS vulnerabilities that affect NETGEAR N300 wireless routers. Attackers can trigger the vulnerabilities by sending specially crafted HTTP requests.

Top Breaches Reported in the Last 24 Hours

Entercom attacked
Philadelphia-based broadcasting company Entercom Communications was barred from accessing its systems following a ransomware attack. The attackers demanded a ransom of $500,000 to unlock the impacted systems. The incident has forced some radio stations to complete music logs manually and run without commercials.

Garmin SA suffers a breach
Garmin Southern Africa (Garmin SA) notified its customers about a data breach that affected their payment and personal information. The information was stolen from orders placed on the shop.gramin.co.za shopping portal. The compromised payment information included card numbers, expiration dates, and CVV codes. Customers’ full names, physical addresses, phone numbers, and email addresses were among the other details exposed.

Top Malware Reported in the Last 24 Hours

InnfiRAT trojan
InnfiRAT is a newly discovered trojan that specializes in the theft of cryptocurrency-related data. The malware spreads through drive-by-download attacks or phishing emails that contain malicious attachments. Once executed, it makes a copy of itself and hides in the AppData directory.

WiryJMPer malware downloader
Security researchers have uncovered a new malware downloader named WiryJMPer. The malware is used to drop Netwire RAT, which includes keylogging and password-stealing features. WiryJMPer has been designed with several anti-analysis techniques to evade detection.

Astaroth trojan
A cybercriminal group that targets only Brazilians has been found extensively using trusted names, legitimate Windows services, and Cloudflare Workers to inject the Astaroth trojan. The current campaign targets victims with emails that are written in Portuguese and disguised as an invoice, show ticket, or civil lawsuit.

WatchBog botnet
The WatchBog cryptocurrency-mining botnet is heavily reliant on the Pastebin website for C&C operations. The botnet has been active since last year and is focused on leveraging Linux-based systems to mine for the Monero virtual currency. It mainly targets known vulnerabilities, such as Jenkins’ CVE-2018-1000861, Jira’s CVE-2019-11581, Exim’s CVE-2019-10149, and Solr’s CVE-2019-0192.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for CVE-2019-1208 revealed
A proof of concept for a use-after-free (UAF) vulnerability affecting Internet Explorer and Microsoft has been revealed. The vulnerability is tracked as CVE-2019-1208. The flaw can enable an attacker to remotely execute arbitrary code.

DoS vulnerabilities
A firmware update for DoS vulnerabilities affecting NETGEAR N300 wireless routers has been issued recently. The two DoS vulnerabilities are CVE-2019-5054 and CVE-2019-5055. NETGEAR has addressed the issues with version 1.0.0.72.

Heartbleed vulnerability
The Heartbleed vulnerability was introduced and fixed in 2014. However, there are still some unpatched systems. Heartbleed is a code flaw that exists in the OpenSSL cryptography library. It is tracked as CVE-2014-0160.

Wireshark 3.0.4 released
Wireshark 3.0.4 has been released with a fix for several vulnerabilities. The vulnerabilities affect versions 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, and have been fixed in 3.0.4 and 2.6.11.

Top Scams Reported in the Last 24 Hours

Sextortion scam
Residents of Ireland are being targeted by an aggressive email sextortion scam that accuses recipients of being pedophiles. The scammers threaten to expose the victims unless a ransom of 5,000 GBP is paid. Victims are sent emails with unpleasant subject lines from someone claiming to be an internet security specialist affiliated with the Anonymous group. The recipients are informed that their systems are infected with spyware that can record victims’ inappropriate activities.

