Cyware Daily Threat Intelligence, September 16, 2020

Share Blog post

The perks of Bluetooth technology come with several security risks and one such threat has been identified by a group of academics. Discovered as a new Bluetooth Low Energy Spoofing Attacks (BLESA), it affects billions of IoT devices, including smartphones and laptops. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it.

Moreover, researchers have successfully hacked Facebook by exploiting three recently discovered vulnerabilities in MobileIron’s Mobile Device Management system. These flaws were reported to MobileIron in March and a patch was released later.

Top Breaches Reported in the Last 24 Hours

800,000 keys exposed
Researchers have found almost 800,000 access keys and secrets from repositories and files uploaded to GitHub, GitLab, and Pastebin. Over 40% of these keys can grant access to database stores, while 38% to cloud environments, such as AWS, Google Cloud, and Microsoft Azure.

St. Louis County fends off attack
St. Louis County prevented a cyberattack earlier this month that was launched on its website. Threat actors had mimicked legitimate traffic in an effort to exploit a vulnerability in the website’s management system and deploy a trojan.

LockBit double extortion site launched
LockBit ransomware gang has launched a new data leak site as part of their double extortion strategy to scare victims into paying a ransom. Since the end of 2019, the gang had adopted the tactic of stealing unencrypted files before encrypting the computers on a network.

Top Malware Reported in the Last 24 Hours

New MrbMiner malware
A new cyber gang named MbrMiner has been found hacking into Microsoft SQL Servers (MSSQL) to install a cryptomining malware with the same name. So far, the attackers have infected thousands of MSSQL databases. The infection process includes the download of an assm.exe file to gain persistence and add a backdoor for future access. The backdoor connects with the C2 server and downloads a malicious app designed to mine Monero cryptocurrency.

Top Vulnerabilities Reported in the Last 24 Hours

BLESA flaw
A team of academics has discovered a new Bluetooth Low Energy Spoofing Attacks (BLESA) flaw that affects billions of IoT devices. It exploits a vulnerability that arises from the authentication mechanism used while reconnecting with Bluetooth-enabled devices. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it. As of June 2020, while Apple has assigned the CVE-2020-9770 to the vulnerability and fixed it

Vulnerable Nitro PDF reader
Cisco Talos has listed multiple code execution vulnerabilities in the Nitro PDF reader. The flaws are tracked as CVE-2020-6116, CVE-2020-6146, CVE-2020-6112, CVE-2020-6113, and CVE-2020-6115. These flaws affect Nitro Pro PDF versions 13.13.2.242 and 13.16.2.300.

MobileIron’s flaws exploited
Researchers managed to hack into Facebook by exploiting three vulnerabilities in MobileIron’s Mobile Device Management system. The flaws were identified as arbitrary file reading (CVE-2020-15507), remote code execution (CVE-2020-15505), and authentication bypass (CVE-2020-15506).

Top Scams Reported in the Last 24 Hours

New Smishing campaign
A new Smishing campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. The fake SMSes claim to contain information about a USPS package for recipients and ask them to click on a link containing the domain ‘m9sxv[.]info’. The purpose of the campaign is to steal victims’ personal details.

 Tags

mobileiron
st louis county
nitro pdf reader
mrbminer malware
bluetooth low energy spoofing attacks blesa

Posted on: September 16, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!