
Cyware Daily Threat Intelligence, September 16, 2019

A pool of 13 IoT devices manufactured by different vendors has been found to be impacted by a total of 125 vulnerabilities. Security researchers have explained that all these devices are affected by at least one web application vulnerability such as cross-site scripting (XSS), operating system command injection (OS CMDi), and SQL injection (SQLi). The affected device manufacturers include Belkin, TP-Link, Asus, and Linksys.

The past 24 hours saw a major code update in Nemty ransomware. The ransomware, which was first discovered in August 2019, has now been updated to kill processes and services. The updated variant targets nine different processes such as WordPad, Microsoft Word, Excel, the Outlook and Thunderbird email clients, SQL, and the VirtualBox software.

A new destructive ransomware named Ordinypt Wiper was also uncovered in the past 24 hours. The malware is distributed through phishing emails and targets German-speaking users.

Top Breaches Reported in the Last 24 Hours

Unprotected Elasticsearch database
An unprotected Elasticsearch database belonging to Novaestrat has leaked around 18GB of data, impacting over 20 million individuals in Ecuador. The exposed information appears to have been obtained from third-party sources including Ecuadorian government registries, an automotive association called AEADE, and an Ecuadorian national bank named Biess.

Carle Foundation Hospital data breach
Carle Foundation Hospital in Urbana, Illinois, has suffered a data breach. It occurred after an unauthorized third party gained access to three employees’ email accounts. The compromised email accounts contained patient information such as names, medical record numbers, dates of birth, and clinical information such as diagnoses and treatment plans.

Top Malware Reported in the Last 24 Hours

Ordinypt Wiper
A new spam campaign disguised as a job application from a person named ‘Eva Richter’ has been found distributing the destructive malware ‘Ordinypt Wiper’. The campaign targets German-speaking users and has been active since September 11, 2019. The email includes a zip file attachment which, if opened, initiates the download of the malware.

Nemty ransomware updated
A new version of Nemty ransomware has been discovered by security researchers. The new version targets nine different processes such as WordPad, Microsoft Word, Excel, the Outlook and Thunderbird email clients, SQL, and the VirtualBox software. It has also extended its list of blacklisted countries, which include Azerbaijan, Armenia, Kyrgyzstan, and Moldova.

Top Vulnerabilities Reported in the Last 24 Hours

Bypass flaw in iOS 13
A bypass vulnerability in the beta version of iOS 13 can allow hackers to harvest contact details from the victim’s phonebook on locked devices. However, to exploit this flaw, the device needs to support Siri for the VoiceOver feature and the attacker needs access to the device.

LastPass fixes a critical flaw
Password manager LastPass released an update last week to fix a security bug that exposes credentials from a previously visited site. The vulnerability can be exploited by disguising a malicious link behind a Google Translate URL and tricking users into visiting the link. This could then allow the attackers to extract credentials from a previously visited site. The issue has been fixed in the latest version, 4.33.0, of LastPass.

Bug in WhatsApp feature
A security researcher has discovered that WhatsApp’s ‘Delete for Everyone’ feature does not delete media files sent to iPhone users as it does for Android devices. The researcher claims that the feature for iOS has not been designed to delete received media files saved in the iPhone’s Camera Roll. By design, the feature is only available within 1 hour, 8 minutes and 16 seconds of sending a message on WhatsApp.

Vulnerable LED wristbands
LED wristbands using the industrial protocol DMX512 (Digital MultipleX 512) can be easily hacked and their packet structure can be reconstructed. After examining one of the wristbands, the researchers found that it is based on a CC113L receiver, which is the receiver-only version of the CC1101 transceiver made by Texas Instruments.

Vulnerable IoT devices
A total of 125 vulnerabilities have been found impacting 13 IoT devices offered by vendors like Belkin, TP-Link, Asus, and Linksys. These vulnerabilities include at least one web application vulnerability like cross-site scripting (XSS), operating system command injection (OS CMDi), or SQL injection (SQLi). These vulnerabilities could be leveraged by an attacker to get remote access to the device’s shell or gain access to the device’s administrative panel.

Top Scams Reported in the Last 24 Hours

SMS phishing scam
A fraudulent SMS ‘phishing’ scam in which online shoppers are asked to pay VAT in order to exempt themselves from any customs duties has been doing the rounds on the internet. French customs officials have asked citizens to be wary of such messages. The message asks internet users who have made an online purchase to pay €1.95 in VAT to avoid customs duties and then includes a link to an online payment site. Making the payment also traps the victims into subscribing to unwanted additional services.



Posted on: September 16, 2019
