Cyware Daily Threat Intelligence, September 18, 2020

Share Blog post

Impersonation scams are highly successful in hitting their targets and this time, one such scam has affected at least 100 U.K business owners. The scam tricked the recipients into believing that the email was from Her Majesty’s Revenue and Custom (HMRC) and pilfered personal information from them.

Several healthcare firms have been added to the list of victims in the massive Blackbaud ransomware attack. The newly added organizations are Children’s Minnesota, Allina Health, Regions Hospital, and Gillette Children’s Specialty Healthcare.

Meanwhile, the infamous Maze ransomware gang has been found to add a new evasion technique to its arsenal. It has adopted a technique of the Ragnar Locker gang that involves hiding the malware in a Virtual Machine.

Top Breaches Reported in the Last 24 Hours

Children’s Minnesota affected
Children’s Minnesota disclosed that the personal information of over 160,000 patients and donors were compromised in the attack on Blackbaud. The cloud computing company, which managed databases for the firm, was hit in a ransomware attack in May. Children’s Minnesota has notified the affected patients about the data breach. The newly added victim organizations also include Allina Health, Regions Hospital, and Gillette Children’s Specialty Healthcare.

Top Malware Reported in the Last 24 Hours

Maze goes Ragnar Locker’s way
Maze ransomware operators have borrowed an evasion technique from Ragnar Locker operators to spread its malware faster across the network. It involves hiding the malware payload inside a virtual machine, a technique that was adopted by Ragnar Locker attackers this May. The Maze gang had leveraged the method in one of its attacks in July.

Top Vulnerabilities Reported in the Last 24 Hours

XSS bug in Ruby Gem
A potential cross-site scripting (XSS) bug found in the popular Ruby Gem, Action View, has been fixed with the release of the latest versions. The flaw is in Action View’s translation helpers, which attempts to translate user input. It can allow attackers to inject malicious code into the web application framework. The XSS issue has been patched in Rails versions 6.0.3.3 and 5.2.4.4, as well as the project’s master, 6-0-stable, and 5-2-stable branches on GitHub.

Drupal addresses multiple flaws
Drupal has addressed multiple information disclosure and XSS vulnerabilities in the popular CMS. The most severe of these is CVE-2020-13668 and affects Drupal versions 8 and 9. The flaw can be exploited by leveraging the way HTML is rendered for affected forms.

Top Scams Reported in the Last 24 Hours

Business owners targeted
U.K business owners have been targeted in a new phishing scam that attempts to pilfer sensitive information from them. The scammers impersonate Her Majesty’s Revenue and Custom (HMRC) and send emails to victims, informing that their VAT deferral has been rejected. The email further asks the recipients to fill a form enquiring about their personal information. At least, 100 business owners have so far been affected by the scam.

 Tags

drupal flaw
xss bug
maze ransomware
ragnar locker ransomware
childrens minnesota

Posted on: September 18, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!