Go to listing page

Cyware Daily Threat Intelligence, August 07, 2019

Cyware Daily Threat Intelligence, August 07, 2019

Share Blog Post

A new speculative execution vulnerability is impacting Windows and Linux systems that use Intel processors. Dubbed ‘SWAPGS’, the vulnerability can allow attackers to secretly monitor and steal sensitive information from a targeted machine. It is reported that the vulnerability primarily affects Intel processors manufactured after 2012. 

The past 24 hours also the emergence of a new cryptojacking campaign that managed to infiltrate around half a million PCs to mine cryptocurrency and steal data. The campaign was carried out using an upgraded version of Smominru botnet. This botnet variant includes both cryptomining and data-stealing modules. 

New variants of Echobot botnet and Lokibot trojan were also observed in the past 24 hours. While the new version of Echobot exploits 59 RCE vulnerabilities to propagate into IoT devices, the new Lokibot variant uses steganography to conceal its source code.   

Top Breaches Reported in the Last 24 Hours

Over six million email addresses exposed
Approximately 6.2 million email addresses were exposed by the Democratic Senatorial Campaign Committee due to a misconfigured Amazon S3 bucket. The exposed data included email addresses from major email providers, universities, government agencies, and the US military. 

Over 50K records exposed
Pearson has informed the District 204 community that the data security incident related to AIMSweb 1.0 product has affected the data of approximately 49,000 students. The data also included around 2300 staff members’ first and last names and school email addresses. 
Vulnerable SuperINN impacts customer data
A vulnerability in the image upload function of SuperINN plus web application has impacted the personal data of around 46,000 customers across the globe. The compromised information includes customers’ names, addresses, phone numbers, email addresses, encrypted card numbers, and encrypted cardholder data. SuperINN.com has identified and rectified the issue. 

Top Malware Reported in the Last 24 Hours

Smominru botnet evolves
Smominru botnet has been updated to go far beyond cryptomining. It is now capable of stealing information from vulnerable targets. The botnet was used in a cyberespionage campaign that infiltrated nearly 500,000 systems worldwide. Smominru has been active since 2017 and is generally distributed using EternalBlue exploit kit. 

Warshipping attack technique
Security researchers have discovered a new ‘Warshipping’ attack technique that can allow attackers to disrupt the business operation and steal sensitive data. The attack can be executed using a warship device which is made up of a single-board computer (SBC). The technique can also be used to launch other active wireless attacks such as evil twin attacks.  

Echobot evolves
Threat actors have upgraded the infamous Echobot botnet to exploit 59 RCE vulnerabilities found in IoT devices. Some of these exploits are as old as 2010. Apart from exploits, the botnet variant also includes a high number of payloads to infect routers, cameras, smart home hubs, network-attached storage systems, servers, database management software, and Zeroshell distribution. 

Lokibot trojan evolves
Security researchers have discovered a new variant of Lokibot trojan that uses steganography to propagate into systems. The malware variant hides its source code inside .png files, found within archive files attached to phishing emails. The new strain of malware has been sent through phishing emails to at least 56 organizations.
Top Vulnerabilities Reported in the Last 24 Hours 

SWAPGS vulnerability
SWAPGS is a new speculative-execution vulnerability that affects Windows and Linux systems.The vulnerability tracked as CVE-2019-1125 can allow attackers to bypass safeguards and access sensitive information held in kernel memory. 

34 flaws in Kubernetes platform
A total of 34 flaws have been discovered in the highly-popular open-source container orchestration system Kubernetes. Four of these have been ranked as high-severity, 15 as medium-severity, eight as low-severity and seven are of no immediate danger. Kubernetes has released updates to fix these security issues. 

Cisco patches three flaws
Cisco has patched three critical bugs in one of its most popular products. The bugs are an authentication bypass (CVE-2019-1912), a remote code execution (CVE-2019-1913), and a command injection (CVE-2019-1914). The bugs affect Small Business 220 Series Smart Switches and exist in the switches' web management interface. 

Twitter fixes a serious flaw
Twitter has found and fixed a security flaw in its platform that may have caused some of its user data to be shared with advertising partners. The exposed data dates back to May 2018 and includes information such as users’ country code, their device type and their engagement with the ad.

Top Scams Reported in the Last 24 Hours

Amazon phishing scam
Scammers are using leveraging the Amazon website to steal login credentials from users. They have created a fake login page of Amazon and are sending the link as a PDF attachment through an email that pretends to be a tax invoice from the company. It asks the recipients to login to their accounts to view the tax invoice. Once the victim clicks on the PDF, they are redirected to the fake site which asks them to provide their username and password. 


lokibot trojan
echobot botnet
eternalblue exploit kit
smominru botnet
kubernetes platform
swapgs vulnerability

Posted on: August 07, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite