Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 18, 2020
Potential vulnerabilities in devices and software can introduce numerous cybersecurity risks for organizations and individuals. In the past 24 hours, security researchers have come across several cases in which exploited flaws led either to data leaks or to the compromise of systems. The first case was related to the data breach at many gym and sports apps due to vulnerabilities in the Fizikal management platform. The second case was related to the ransomware attack at one of the brands operated by Carnival Corporation. It is believed that the issue arose due to vulnerable edge gateway devices used by the firm.
Amidst these potential attacks and data breaches, the past 24 hours also witnessed the discovery of five uninstallers for the GoldenSpy malware. All of these identified variants include identical behavior, with some variations in execution flows and string obfuscation techniques.
Top Breaches Reported in the Last 24 Hours
Fizikal data breach
A management platform, Fizikal, used by dozens of gym and sports apps in Israel, was breached by hackers. This resulted in the compromise of many user accounts. An investigation by a security researcher revealed that the platform was affected by several vulnerabilities that enabled hackers to bypass security checks and get access to users’ accounts.
Carnival hit again
One of the brands operated by the cruise line operator Carnival Corporation was hit by a ransomware attack on August 15, 2020. As part of the attack, the criminals are believed to have stolen some personal data of its guests and employees. Security researchers believe that vulnerable edge gateway devices used by the firm could be the cause of the attack.
Cense leaks 2.5 million records
A misconfigured database belonging to Cense leaked 2.5 million records containing Personally Identifiable Information (PII) of users. The exposed data was hosted on the same IP address as the Cense website.
Transport fleet hacked
Germany’s state-owned vehicle fleet, which is run by the Bundeswehr military, has been hacked. At present, it is unknown when the data center was first compromised and whether any data was siphoned off.
Leaky GitHub repositories
Multiple misconfigured GitHub repositories were found leaking medical records of around 200,000 US residents. The records belonged to nine U.S. entities including Xybion, MedPro Billing, Texas Physician House Calls, VirMedica, MaineCare, Waystar, Shields Health Care Group, and AccQData.
Top Malware Reported in the Last 24 Hours
New Cryptomining worm
A new cryptomining botnet used by the TeamTNT threat actor group includes a feature that scans for and steals AWS credentials. The group's modus operandi includes scanning for Docker systems that have their management API exposed on the internet without a password.
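The exposure the TeamTNT summary describes is a Docker Engine API listening on a TCP port without TLS client authentication. The following audit script is an added example, not code from the original briefing or from any of the researchers it cites; it checks a daemon.json for that weak setting and shows the hardened form beside it. The two daemon.json documents and the certificate paths in them are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents (assumptions, not taken from the briefing).
# Weak: the API is bound to every interface on the conventional plaintext port with no TLS.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Hardened: the TCP listener requires mutual TLS, so a client needs a cert signed by our CA.
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

LOCAL_BINDS = {"127.0.0.1", "localhost", "::1"}


def audit_docker_hosts(daemon_json: str) -> list:
    """Return a finding string for every TCP listener in a daemon.json that exposes
    the Docker Engine API beyond loopback without mutual TLS, plus a finding when
    tlsverify is set but the certificate material is incomplete."""
    cfg = json.loads(daemon_json)
    findings = []
    tls_verify = cfg.get("tlsverify") is True
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not reachable over the network
        parts = urlsplit(host)
        bind = parts.hostname or "0.0.0.0"  # "tcp://:2375" means all interfaces
        if bind in LOCAL_BINDS:
            continue  # loopback-only listener: not exposed to the internet
        if not tls_verify:
            findings.append(
                f"{host}: Docker API bound to {bind}:{parts.port} without tlsverify; "
                "anyone who can reach the port gets unauthenticated control of the daemon"
            )
    if tls_verify:
        missing = [k for k in ("tlscacert", "tlscert", "tlskey") if not cfg.get(k)]
        if missing:
            findings.append("tlsverify is set but these keys are missing: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_hosts(doc) or ["no findings"])
```

The check treats any non-loopback TCP listener without `tlsverify` as a finding, which is the setting that lets an internet scanner drive the daemon with no password; a perimeter firewall does not change the verdict, because the weakness is in the daemon configuration itself.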
Duri attack campaign
A new attack campaign dubbed Duri has been found using a combination of HTML smuggling techniques and data blobs to evade detection and download malware. The campaign, which began in July 2020, is still actively targeting users through HTML pages hosted on duckdns[.]org.
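HTML smuggling assembles the downloaded file inside the browser from data embedded in the page, so a network proxy never sees a file transfer. The scanner below is an added example, not code from the original briefing or from the researchers who reported Duri; it looks for the combination of browser APIs that such a page needs (a Blob built from decoded data, an object URL or msSaveBlob call, and an automatic download) and reports a verdict for triage. Both sample pages, including the dummy payload string, are constructed.

```python
import re

# Constructed sample pages (assumptions, not taken from the briefing or the campaign).
BENIGN_HTML = """<html><body>
<script>document.getElementById('d').textContent = new Date().toString();</script>
<div id="d"></div></body></html>"""

SUSPICIOUS_HTML = """<html><body><script>
var b64 = "QUJDREVGRw==";          // constructed dummy payload, decodes to "ABCDEFG"
var bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>"""

# Each indicator is a legitimate web API on its own; the combination is what matters.
INDICATORS = {
    "blob_ctor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "ms_save_blob": re.compile(r"msSave(OrOpen)?Blob\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*="),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
# A long base64 literal is the usual carrier for the embedded file.
BIG_B64 = re.compile(r'["\']([A-Za-z0-9+/]{400,}={0,2})["\']')


def scan_html(html: str) -> dict:
    """Return the matched indicators and a verdict: 'suspicious' when the page builds
    a Blob, turns it into a downloadable URL and triggers the download itself."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    if BIG_B64.search(html):
        hits.append("large_base64_literal")
    present = set(hits)
    builds_file = "blob_ctor" in present and ({"object_url", "ms_save_blob"} & present)
    delivers = {"download_attr", "auto_click"} & present
    verdict = "suspicious" if (builds_file and delivers) else "clean"
    return {"indicators": hits, "verdict": verdict}


if __name__ == "__main__":
    for label, page in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(label, scan_html(page))
```

Treat the verdict as a triage signal rather than a block decision: file-export features in ordinary web apps use the same Blob and object URL calls, so the value of the check is in surfacing pages for review alongside the hosting domain, which in this campaign was duckdns[.]org.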
Uninstallers for GoldenSpy malware
A total of five uninstallers meant for removing the GoldenSpy backdoor from infected systems have been identified by researchers. All of these identified variants include identical behavior, with some variations in execution flows and string obfuscation techniques. The size of the uninstallers also differs, helping them evade detection.
Top Vulnerabilities Reported in the Last 24 Hours
Windows spoofing flaw
An actively exploited Windows spoofing vulnerability patched this month by Microsoft has been known for more than two years. The flaw in question is tracked as CVE-2020-1464 and is related to incorrect file signature validation in Windows. An attacker can exploit the vulnerability to bypass security features and load improperly signed files.
Concrete5 flaw fixed
A remote code execution vulnerability in the Concrete5 CMS has been fixed in an updated version. The flaw can lead to a full compromise of the susceptible web application and the web server on which the application is hosted.