Cyware Daily Threat Intelligence


Daily Threat Briefing April 19, 2023

Among the available attack vectors, unpatched vulnerabilities remain a favored entry route for threat actors. Government agencies in the U.S. and the U.K. have underlined this again in a new joint advisory warning organizations about the exploitation of a years-old vulnerability in Cisco routers. Fancy Bear (aka APT28) is exploiting it to deploy a custom malware named Jaguar Tooth.

In other news, Oracle released over 400 security patches across its product line. Over 250 of the addressed flaws can be exploited remotely without authentication.

There’s also an update on a new attack tactic adopted by the Play ransomware group. It involves the use of two new .NET-based tools that enable attackers to enumerate users in compromised networks and gather information about security, backup, and remote administration software.

Top Breaches Reported in the Last 24 Hours

Misconfigured servers expose data

Researchers indexed more than 8,000 misconfigured servers that exposed sensitive information and database backups to the public internet. Over 18,000 comma-separated value (CSV) files and another 2,000 SQL database files could also be accessed without any authentication. Database dumps and exports of this kind routinely contain credentials and personal data, giving attackers material for follow-on intrusions and fraud.

Philippine police records exposed

A misconfigured database exposed more than 1.2 million police records on the internet. The database also held 800 GB of information on people who applied for law enforcement jobs in the Philippines, along with tax identification documents belonging to law enforcement personnel. The database is believed to have been left exposed for at least six weeks.

Top Malware Reported in the Last 24 Hours

New tools for Play ransomware group

The Play ransomware group has added two custom .NET tools to increase the effectiveness of its attacks. The first, named Grixba, enumerates users in compromised networks and gathers information about installed security, backup, and remote administration software. The second is a Volume Shadow Copy Service (VSS) copying tool that copies files out of VSS snapshots, including files that are locked by the operating system.

RedLine stealer operations disrupted

ESET researchers, with the help of GitHub, have temporarily disrupted the operations of RedLine stealer. The malware's control panel used GitHub repositories as dead-drop resolvers, fetching the current C2 server addresses from them rather than hard-coding them. ESET shared this finding with GitHub, which immediately suspended the repositories, cutting the panels off from their infrastructure until the operators switch to a new resolver.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle patches 433 flaws

Oracle has issued 433 new patches as part of its quarterly Critical Patch Update. This includes more than 70 fixes for critical-severity vulnerabilities. More than 250 of the addressed flaws can be exploited remotely without authentication. The vulnerabilities affect a wide range of products, including MySQL, GoldenGate, Siebel CRM, SQL Developer, Hyperion, NoSQL Database, REST Data Services, and E-Business Suite.

Old flaw exploited in Cisco routers

Government agencies in the U.S. and the U.K. issued a joint advisory to warn organizations about attacks exploiting an old vulnerability in Cisco routers. The attacks are attributed to the Fancy Bear threat group and the flaw in question is CVE-2017-6742, a buffer overflow in the SNMP subsystem of Cisco IOS and IOS XE. A remote attacker who knows the device's SNMP community string can execute arbitrary code on the device by sending specially crafted SNMP packets; devices still using default or otherwise weak community strings are therefore effectively open to anyone who can reach their SNMP port. The attackers are exploiting the vulnerability to deploy a custom malware named Jaguar Tooth. Patching, restricting SNMP to trusted management hosts, and moving to SNMPv3 are the standard mitigations.
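Because exploitation of this flaw hinges on SNMP being reachable with a known community string, the quickest check on a fleet is to audit running configurations for weak or unrestricted `snmp-server community` lines. The script below is an added example written for this briefing, not code from the advisory or from Cisco; the list of weak community strings and the sample configuration are constructed for the example.

```python
"""Audit Cisco IOS/IOS XE configuration text for SNMP exposure.

Added example (not from the advisory or Cisco). It flags 'snmp-server community'
lines that use well-known default strings, grant read-write access, or have no
access-list limiting who may talk to the SNMP agent, and checks whether SNMPv3 is
configured at all. Run it against 'show running-config' output saved to a file.
"""
import re
import sys
from dataclasses import dataclass, field

# Assumption: a small set of default/weak community strings chosen for this example.
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin", "community", "snmp"}

# snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(\S+)"   # community string
    r"(?:\s+view\s+(\S+))?"                  # optional view name
    r"(?:\s+(RO|RW))?"                       # optional mode (RO when omitted)
    r"(?:\s+ipv6\s+(\S+))?"                  # optional IPv6 ACL
    r"(?:\s+(\S+))?\s*$",                    # optional IPv4 ACL (number or name)
    re.IGNORECASE,
)
ACL_DEF_RE = re.compile(
    r"^\s*(?:access-list\s+(\S+)|ip\s+access-list\s+(?:standard|extended)\s+(\S+)"
    r"|ipv6\s+access-list\s+(\S+))",
    re.IGNORECASE,
)
V3_GROUP_RE = re.compile(r"^\s*snmp-server\s+group\s+\S+\s+v3\b", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    community: str
    issues: list = field(default_factory=list)


def defined_acls(config: str) -> set:
    """Collect ACL numbers/names defined anywhere in the config."""
    names = set()
    for line in config.splitlines():
        m = ACL_DEF_RE.match(line)
        if m:
            names.add(next(g for g in m.groups() if g))
    return names


def uses_snmpv3(config: str) -> bool:
    """True if at least one SNMPv3 group is configured."""
    return any(V3_GROUP_RE.match(line) for line in config.splitlines())


def audit_snmp_config(config: str) -> list:
    """Return one Finding per risky 'snmp-server community' line."""
    acls = defined_acls(config)
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        community, _view, mode, acl6, acl4 = m.groups()
        f = Finding(n, community)
        if community.lower() in WEAK_COMMUNITIES:
            f.issues.append("default/weak community string")
        if (mode or "RO").upper() == "RW":
            f.issues.append("read-write access")
        if not acl4 and not acl6:
            f.issues.append("no access-list restricting SNMP sources")
        # An ACL that is referenced but never defined filters nothing on IOS.
        for acl in (acl4, acl6):
            if acl and acl not in acls:
                f.issues.append(f"referenced access-list '{acl}' is not defined")
        if f.issues:
            findings.append(f)
    return findings


# Constructed sample 'show running-config' excerpt for demonstration.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community private RW
snmp-server community 9xQ2vL-monitoring RO 10
snmp-server group NMS-V3 v3 priv
access-list 10 permit 10.20.30.5
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for f in audit_snmp_config(text):
        print(f"line {f.line_no}: community '{f.community}': " + "; ".join(f.issues))
    print("SNMPv3 configured:", uses_snmpv3(text))
```

Every SNMPv1/v2c community line, even one with a strong string and a tight ACL, still sends that string in cleartext, so the audit treats v2c as tolerable only as a stepping stone; the `uses_snmpv3` check is there to show whether the device is ready to have the community lines removed.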

Top Scams Reported in the Last 24 Hours

EPOS Net customers targeted

Researchers detected a sophisticated phishing campaign targeting customers of EPOS Net, a credit card company in Japan. The scammers relied on meticulously crafted emails and websites and quoted official customer service numbers to create an illusion of legitimacy. The phishing emails warn recipients of unauthorized activity on their cards and urge them to act by clicking an embedded link.
