Cyware Daily Threat Intelligence, August 09, 2019

Malicious actors have lately been using sophisticated attack techniques to target their victims. In a major cyberespionage campaign, security researchers found threat actors using a watering hole strategy as the infection vector to target Chinese-speaking users. The campaign has been active since at least 2017 and made use of known WinRAR and RTF file vulnerabilities to gain initial entry into the targeted systems. The purpose of the campaign was to deliver several backdoors, including Sality.

A remote code execution bug in VoIP phones manufactured by Avaya went unnoticed for 10 years until it was patched recently. The flaw affects the Avaya 9600 Series IP Deskphone, J100 Series IP Phones, and B100 Series Conference Phones (B189). It could allow an attacker to gain access to a root shell on the phone.

A zero-day privilege escalation vulnerability affecting the Steam game client for Windows was also uncovered in the past 24 hours. Steam has over 100 million registered users, and the flaw could allow an attacker to run a malicious program with elevated privileges.

Top Breaches Reported in the Last 24 Hours

US Election systems exposed online
More than 30 US election systems have been left exposed online over the last year and were susceptible to hackers. These systems are made by the company Election Systems & Software. The affected counties are in Wisconsin, Michigan, and Florida, among others. The issue does not affect electronic voting machines; it impacts the SFTP server and firewall that some polling places use to transmit votes quickly.

Air New Zealand suffers a breach
A data breach at Air New Zealand has affected approximately 112,000 customers. The compromised accounts exposed the personal information held in customers' membership profiles. However, no Airpoints accounts or credit card details were compromised in the breach.

Oyster account compromised
Transport for London disclosed that a few online Oyster travel smartcard accounts have been compromised in a credential stuffing attack. Attackers accessed customers' Oyster accounts using a list of stolen usernames and passwords obtained from other sources. Upon learning of the incident, TfL suspended online Oyster card accounts and implemented additional security measures to prevent further intrusion.

Top Malware Reported in the Last 24 Hours

Watering hole attack
Researchers have discovered a new malware campaign that has been active since 2017. It uses a watering hole strategy to attack Chinese language speakers. To gain initial entry, the attackers exploit two well-known vulnerabilities in WinRAR (CVE-2018-20250) and RTF files (CVE-2017-11882). While the WinRAR flaw is exploited to deliver a Sality backdoor, the RTF flaw is used to deploy a fake .doc file that downloads the 123.sct payload. This payload later downloads a backdoor similar to Sality.

Varenyky spambot
Customers of Orange S.A., a French ISP, are being targeted by a new spambot trojan named Varenyky. The malware is distributed through a phishing email that poses as an invoice. The email includes a Microsoft Word document which, if opened, executes malicious macros.

Top Vulnerabilities Reported in the Last 24 Hours

10-year-old RCE bug
A 10-year-old remote code execution bug in VoIP phones manufactured by Avaya was patched recently. The vulnerability, tracked as CVE-2009-0692, affects the Avaya 9600 Series IP Deskphone, J100 Series IP Phones, and B100 Series Conference Phones (B189). The flaw could be abused to gain access to a root shell on the phone. It could also allow an attacker to reverse-engineer files on the phone.

Steam impacted by a zero-day flaw
Security researchers have uncovered a zero-day privilege escalation vulnerability in the Steam game client for Windows. The vulnerability could allow an attacker to run a program with administrator privileges. The flaw could affect over 100 million Steam users.

Algorithm flaws in websites
Algorithmic complexity vulnerabilities in a PDF reader, a remote desktop server, and a popular strength evaluation tool can cause these applications to crash. Such flaws can be exploited to take down websites far more easily than a conventional DoS attack, because a single crafted input triggers worst-case processing time. The flaws were identified by researchers using a public tool called ACsploit.

Vulnerable Siemens S7 PLC
Critical vulnerabilities have been discovered in the Siemens S7 Simatic programmable logic controller (PLC). The flaws can be exploited to disrupt the PLC's functions and gain control of its operations.

Top Scams Reported in the Last 24 Hours

Lateral phishing
Spammers are increasingly exploiting registration, subscription, and feedback forms on legitimate websites to insert spam content or phishing links. Because the resulting messages are sent by the legitimate site, they bypass email filter gateways and the spam is delivered to recipients. This allows the spammers to harvest the personal data of targeted users.

Sextortion scam
Police in Norfolk County are warning citizens about a sextortion scam that blackmails users who visit adult websites. The scammers send an email stating that the recipient's account on the website has been hacked. To restore access to the account, the scammers demand a ransom in bitcoin.

Posted on: August 09, 2019