Go to listing page

Cyware Daily Threat Intelligence, October 04, 2019

Cyware Daily Threat Intelligence, October 04, 2019

Share Blog Post

Cybersecurity threats have gone a long way as threat actors come up with a variety of new malware. In the past 24 hours, security researchers have uncovered two new malware that are used against enterprise networks. The newly discovered malware are Lemon_Duck and Reductor. While Lemon_Duck is used to take control of CPU resources to mine cryptocurrencies, Reductor can allow attackers to manipulate HTTPS traffic.

A new form of cryptographic attack dubbed Minerva has also been discovered in the past 24 hours. The attack can be used to recover private keys from some smart cards and cryptographic libraries. Older Athena IDProtect smart cards along with WolfSSL, MatrixSSL, Crypto++, Oracle SunEC, and Libgcrypt crypto libraries are vulnerable to the attack.

In a major data breach, personal details of around 92 million Brazilians have been found to be put up for auction on underground forums. The starting price for the auction is $15,000 with a step up bid of $1,000. The details include names, dates of birth, and taxpayer ID of individuals.

Top Breaches Reported in the Last 24 Hours

92 million Brazilians’ details sold
A group named X4Crow is auctioning the personal information of 92 million Brazilian citizens on underground forums. The starting price for the auction is $15,000 with a step up bid of $1,000. The database contains 16GB of data that includes names, dates of birth, and taxpayer ID of individuals.

Restaurant chains attacked
Four restaurant chains in the U.S. had their payment systems compromised with malware. This allowed attackers to steal a trove of payment card details of customers. The affected restaurant chains are McAlister's Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee.

Website hacked
Hackers have stolen data from a website where users discuss highly personal and explicit adult topics. The data is being traded among low-level hackers and data collectors. According to a post on a cybercrime forum, the data was stolen from the website running vulnerable vBulletin software sometime in September. The compromised data includes email addresses, usernames, IP addresses, and hashed passwords.

Top Malware Reported in the Last 24 Hours

Lemon_Duck malware campaign
Security researchers have uncovered a new malware called Lemon_Duck that controls CPU resources to mine cryptocurrencies. The malware spreads rapidly through enterprise networks via fileless script execution. Once it finds a remote machine with a responsive script, it attempts brute-force attacks to take control of it.

DDoS booters
DDoS booters or DDoS stressors are abusing macOS systems to launch DDoS attacks. For this, the attackers are leveraging Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. Nearly 40,000 macOS systems that have ARD feature enabled are vulnerable to the attack.

Malicious security scanner
A malicious Windows Security Scanner that is propagated via a spam email has been found encrypting files on victims’ systems. The email purports to be from Microsoft and has a subject line of ‘Virus Detection on Your Computer!’ It asks the recipient to download the link attached within the email to scan the trojan detected on the system.

Minerva attack
Minerva is a newly discovered cryptographic attack that impacts Athena IDProtect smart cards which are used in the government and private sector as access cards. The attack can be successfully launched on smart cards that use the Atment Toolbox cryptographic library. Researchers believe that other smart cards such as those from Valid, SafeNet and TecSec are also vulnerable to the attack.

Reductor malware
Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate HTTPS traffic. This can be done by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and the server. It infects the systems that are already affected by COMpfun malware.
Top Vulnerabilities Reported in the Last 24 Hours

Cisco releases security advisories
Cisco has released 10 security advisories that describe 18 vulnerabilities in its ASA software, FMC software, and FTD software. All of the vulnerabilities have a Security Impact Rating of ‘High’. Successful exploitation of vulnerabilities can allow an attacker to gain unauthorized access, gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device.

Foxit Reader tool patched
Popular PDF software Foxit Reader has patched eight high-severity flaws that exist on Windows versions of the software. The flaws could enable a remote attacker to execute arbitrary code on vulnerable systems. The flaws have been addressed in the latest version 9.7 of Foxit Reader.

Zero-day vulnerability
A zero-day vulnerability tracked as CVE-2019-2215 is affecting the Android mobile operating system. Termed as a use-after-free vulnerability, the flaw affects the Android kernel’s binder driver. It could be exploited by a local privileged attacker or a malicious app to escalate privileges to gain root access to a vulnerable device.


ddos booters
minerva attack
foxit reader
lemon duck
reductor malware

Posted on: October 04, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite