Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 24, 2019
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Dec 24, 2019
‘Critical’ and ‘High’ severity security flaws can invite a slew of cyberattacks if they are not patched on time. The past 24 hours saw the discovery of new Magellan 2.0 vulnerabilities that affect Chrome browsers prior to version 79.03945.79. It is a set of five SQLite vulnerabilities that can be exploited by attackers to launch remote code execution, leak program data, or cause a program to crash.
In another finding, it is estimated around 80,000 companies in 159 countries are at risk due to a critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway. The flaw can be exploited by attackers to access company networks. Citrix has released security updates and mitigation measures to address the flaw.
A new Peer-to-Peer botnet called Mozi has also been found to be distributed via telnet and various exploits. The botnet is capable of launching DDoS attacks and has been found infecting Netgear, D-Link and Huawei routers.
Top Breaches Reported in the Last 24 Hours
Truckstop.com hit with malware
The online services of Truckstop.com have been disrupted following a malware attack. The incident has not affected customer information. The officials would be notifying anyone potentially affected. The firm is working on resolving the issue as fast as possible. Other sites affected include its factoring, RFP tool, and real-time freight service, along with Involta, Shipper Mate, and LTL carrier.
Top Malware Reported in the Last 24 Hours
An uptick in ISO email attachments
Security researchers have noticed an increase in malicious spam campaigns wherein malware is delivered via image file formats. Of these, ISO format is the most prevalent. Such file formats have been used to deliver malware like NanoCore, Remcos, and LokiBot information stealer.
New Mozi P2P botnet
A new P2P botnet dubbed Mozi has been found infecting Netgear, D-Link, and Huawei routers. The botnet borrows its code from Gafgyt botnet. The main purpose of the botnet is to launch DDoS attacks. The botnet uses telnet and exploits for propagation to new vulnerable devices.
Maze ransomware gang releases a new list
The gang behind Maze ransomware has launched a website that shares the list samples of stolen data, including the one from the Florida city of Pensacola. The list also includes a threat to dump all the stolen data online if victims do not pay. Till Monday, the site has listed 21 organizations that were affected between October 21 and December 14, 2019.
Top Vulnerabilities Reported in the Last 24 Hours
Magellan 2.0 vulnerability
Magellan 2.0 is a new set of five SQLite vulnerabilities affecting Chrome versions prior to 79.03945.79. The vulnerabilities are tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753. An attacker can abuse the vulnerability to launch remote code execution, leak program or cause a program to crash.
Flawed Citrix ADC and Gateway
A critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway could be exploited by attackers to access company networks. It has been estimated that 80,000 companies in 158 countries are potentially at risk. Most of them are in the U.S, followed by the UK, Germany, the Netherlands, and Australia. The vulnerability is tracked as CVE-2019-19781.
NVIDIA patches high severity vulnerability
NVIDIA has issued a security update for the Windows NVIDIA GeForce Experience app designed to patch a vulnerability that could allow potential local attackers to trigger a denial of service state or escalate privileges on systems running unpatched software. The flaw is tracked as CVE-2019-5702.
Plenty of Fish fixes a flaw
Dating app Plenty of Fish has pushed out a fix for its app after a security researcher found that it was leaking information that users had set to ‘private’ on their profiles. The leaked information included users’ first names and postal ZIP codes.