Cyware Daily Threat Intelligence, September 15, 2020


Federal authorities have issued an alert about an ongoing attack campaign that exploits vulnerabilities in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs, and Microsoft Exchange servers. A CISA advisory on the matter reveals that China-based threat actors have successfully exploited this vulnerable software to target public and private organizations in the U.S.

Federal agencies have also warned about vulnerabilities in Philips’ patient monitoring software. These flaws could result in unauthorized access, interrupted monitoring, and collection of patient data.

In the past 24 hours, a new attack technique that abuses the Windows ‘finger.exe’ command to exfiltrate files has also come to light. The method can allow attackers to get past firewall rules and communicate with servers over the unrestricted ports for HTTP(S).

Top Breaches Reported in the Last 24 Hours

Privacy bug exposes data
A privacy bug in the Vote Joe app allowed anyone to view sensitive voter information of millions of Americans. The exposed data included voters’ home addresses, dates of birth, gender, ethnicity, and political party affiliation. The flaw was fixed and an updated version of the app was pushed later.

Wales patients data leaked
Personal data related to 18,105 Wales residents who tested positive for COVID-19 was uploaded by mistake to a public server. The data was viewed 56 times before it was taken offline. The exposed data included dates of birth, geographical area, and gender of individuals.

Staples discloses data breach
The American office retail company, Staples, has revealed that order data related to some of its customers has been accessed by malicious actors. The retailer is yet to determine what exactly was accessed in the breach, but order details could contain names, addresses, email addresses, phone numbers, the last four credit card digits, and details about the orders.

Magento stores attacked
Attackers compromised almost 2,000 Adobe Magento-based online stores to steal customers’ credit card details. This is one of the largest waves of automated Magento attacks since 2015. The majority of the hacked stores were found running Magento version 1, which has not received security updates since June 2020.

FSC app hacked
Hackers accessed the Veterans Affairs’ Financial Services Center (FSC) online app and diverted payments intended for healthcare providers. The incident also affected the personal information of around 46,000 U.S. veterans.

Top Vulnerabilities Reported in the Last 24 Hours

Abuse of Windows command
A researcher has released a PoC showing how attackers can abuse a Windows command, ‘finger.exe,’ to exfiltrate or download files from target systems. The method can allow attackers to get past firewall rules and communicate with servers over the unrestricted ports for HTTP(S). According to the researcher, C2 commands can be masked as finger queries that fetch files and exfiltrate data, without Windows Defender detecting the anomalous activity.

Vulnerable WS-Trust protocol
Critical vulnerabilities in multi-factor authentication protocols based on the WS-Trust security standard can allow hackers to access cloud applications, including Microsoft 365. The flaws, which have existed for years, arise from faulty implementations of the WS-Trust specification. By exploiting them, attackers can gain access to the complete contents of the target’s account, including mail, files, contacts, and data.

Mass exploitation of vulnerabilities
The U.S. government has issued a warning about ongoing mass exploitation of flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs, and Microsoft Exchange servers. As per a CISA alert, Chinese threat actors have successfully compromised organizations across government and private sectors in recent months by exploiting these vulnerable servers and VPNs.

Vulnerable Philips devices
Federal authorities and Philips have issued security alerts about vulnerabilities in the company’s patient monitoring software. The flaws are found in certain versions of the Philips IntelliVue Patient Monitor system, the Patient Information Center iX, or PIC iX, software, and PerformanceBridge Focal Point. They are related to improper authentication, cross-site scripting, improper input validation, and improper check for certificate revocation.


Posted on: September 15, 2020
