
Cyware Daily Threat Intelligence

Daily Threat Briefing Dec 16, 2020

The volume of newly discovered malware keeps growing and has become a major threat. In the past 24 hours, researchers came across three new malware samples, two of which are new variants of the SystemBC backdoor and the Gitpaste-12 botnet. While the new SystemBC variant uses the Tor proxy network to encrypt and conceal the destination of its C2 traffic, the new version of the Gitpaste botnet comes with exploits for 31 known vulnerabilities affecting web applications, IP cameras, and routers.

The third new malware is dubbed Goontact, a spyware distributed via third-party sites promoting free instant messaging apps. The malware is capable of collecting data such as phone identifiers, contacts, SMS messages, photos, and location information of victims.

Top Breaches Reported in the Last 24 Hours

Sonoma Valley Hospital affected

California-based Sonoma Valley Hospital (SVH) has notified its 67,000 patients that their personal data may have been exposed in a cyberattack. The incident occurred on October 11, after which the hospital took immediate action to minimize the impact of the attack. Among the records accessed are names, addresses, dates of birth, and insurer group numbers of patients.

45 million images exposed

Two thousand servers containing 45 million images of X-rays and other medical scans were left online over the past twelve months, freely accessible to anyone. Not only was the sensitive personal information unsecured, but malicious actors had also accessed those servers and apparently seeded them with malware.

Top Malware Reported in the Last 24 Hours

New Goontact spyware

Goontact is a new spyware that is currently being distributed via third-party sites promoting free instant messaging apps related to escort services. The malware, which is used against Chinese-speaking countries, is capable of collecting data such as phone identifiers, contacts, SMS messages, photos, and location information of victims.

Gitpaste-12 botnet enhanced

The Gitpaste-12 botnet has returned in a new wave of attacks targeting web applications, IP cameras, and routers. The new variant, known as X10-unix, is a UPX-packed binary written in the Go language, compiled for x86-64 Linux systems. Researchers discovered that the variant harbors exploits for at least 31 known vulnerabilities, seven of which were present in the previous sample.

SystemBC malware evolves

SystemBC, a commodity malware backdoor, has evolved to use the Tor anonymizing network to encrypt and conceal the destination of its command and control traffic. The research also highlighted that the backdoor was used in recent Ryuk and Egregor attacks, often in combination with post-exploitation tools such as Cobalt Strike.

Top Vulnerabilities Reported in the Last 24 Hours

AIR-FI attack

Researchers have uncovered a new data exfiltration technique called AIR-FI that allows data to be exfiltrated from air-gapped systems. The technique leverages memory buses to generate covert signals, thus eliminating the need for Wi-Fi hardware on the air-gapped machine. Nearby Wi-Fi capable devices such as smartphones, IoT devices, and laptops are used to intercept these signals.

More details on Urgent/11 flaws

According to a report from Armis, 97% of industrial devices affected by the Urgent/11 vulnerabilities are not yet patched. Furthermore, 80% of devices affected by the CDPwn bugs are still vulnerable to attacks despite the release of security patches.

Vulnerable Medtronic product

Flaws in Medtronic's MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device. The flaws are tracked as CVE-2020-25183, CVE-2020-25187, and CVE-2020-27252. They can be exploited by an attacker within Bluetooth range of the vulnerable product.

Vulnerable WP SMTP plugin

The Easy WP SMTP WordPress plugin is affected by a vulnerability that could allow attackers to take control of websites. The flaw affects plugin versions below 1.4.2. It stems from the plugin's debug file being exposed because of a fundamental error in how the plugin maintains its folder.

Apple releases updates

Apple has released updates for a total of 59 vulnerabilities as part of its December 2020 Patch Tuesday. These include 30 flaws that could lead to the execution of arbitrary code. The impacted components are Audio, App Store, Bluetooth, CoreAudio, FontParser, Graphics Drivers, Kernel, ImageIO, Intel Graphics Driver, libxml2, Ruby, WebRTC, and Wi-Fi.