Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 24, 2020

Leaving vulnerable software or hardware unpatched or unattended invites trouble. Researchers have recently reported that threat actors are attempting to exploit a high-severity path traversal flaw in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw can allow attackers to obtain sensitive data from targeted systems.

A new variant of Phobos ransomware has also been discovered in the last 24 hours. The new variant is capable of stealing users’ machine information and uses system activation tools to spread on victims’ machines. Meanwhile, the threat actors behind the infamous Sodinokibi ransomware have claimed an attack on Spain’s Administrador de Infraestructuras Ferroviarias (ADIF), in which they stole around 800GB of data.

Top Breaches Reported in the Last 24 Hours

GEDmatch confirms an attack

GEDmatch has disclosed a security breach that exposed the DNA profiles of more than one million people to law enforcement agencies. The firm immediately took the website down to contain the breach.

Updates on Blackbaud breach

The latest update on the ransomware attack on Blackbaud reveals that the incident has affected nine more universities. It had earlier come to light that the University of York was one of the victims. The new victims include University College Oxford, the University of London, Canada’s Ambrose University, and the Rhode Island School of Design.

Spain’s ADIF attacked

The Administrador de Infraestructuras Ferroviarias (ADIF) in Spain has been hit by the Sodinokibi ransomware. The threat actors have stolen 800GB of sensitive data and published a portion of it to back their claim of the attack.

Florida Tax Office hit

A Florida Tax Collector’s Office has revealed a data breach that occurred in June. The incident has affected around 450,000 residents in Polk County.

Garmin affected

Smartwatch and wearable maker Garmin has shut down its services and halted its production systems following a ransomware attack on July 23. The extent of the attack is yet to be assessed.

Top Malware Reported in the Last 24 Hours

A new variant of Phobos

Researchers have discovered a new variant of Phobos ransomware that uses software such as system activation tools as a carrier to trick users into installing the malware. The variant is capable of stealing users’ machine information. After encrypting the files, the variant appends a suffix of the form id[XXXXXXXX-2275].[helprecover@foxmail[.]com].help, where “XXXXXXXX” is the disk serial number.

29 fake Android apps

A total of 29 fake photo editing apps that can compromise devices have been found by researchers. These fake apps have been downloaded 3.5 million times from the Google Play Store and are being used in a campaign named Chartreuse Blur.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco vulnerability exploited

Researchers have reported that attackers are attempting to exploit a recently patched high-severity path traversal flaw affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2020-3452, can be exploited to obtain potentially sensitive files from the targeted system.

Vulnerable ASUS routers

Two flaws found in ASUS routers can allow attackers to compromise the devices. While the first flaw (CVE-2020-15498) stems from a lack of certificate validation, the second (CVE-2020-15499) exists in the Web Management interface.
