Cyware Daily Threat Intelligence

Daily Threat Briefing May 14, 2020

Potential vulnerabilities in devices and software can introduce numerous cybersecurity risks for organizations and individuals. In the past 24 hours, a new vulnerability called PrintDemon has been discovered that affects all versions of the Windows operating system released before 1996. Meanwhile, Siemens has disclosed that its 9410 and 9810 series power meters are affected by the Urgent/11 vulnerability.

In the past 24 hours, there has also been a major revelation about new malware samples used by the North Korean government-backed hacker group, HIDDEN COBRA. The new malware strains are COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH.

Top Breaches Reported in the Last 24 Hours

Data put up for sale

Data belonging to nine million customers of the CDEC Express transportation services was put up for sale on the dark web for $950. The leaked data included information about the delivery and location of goods and information about buyers, including tax identification numbers. Meanwhile, CDEC claimed that there was no data breach in the company.

ARCHER’s login nodes exploited

One of Britain’s most powerful supercomputers, ARCHER, fell victim to a cyberattack that exploited its login nodes. This forced the admin to reset passwords and SSH keys of all users.

NSW attacked

The New South Wales Government confirmed that it was the target of a malicious phishing attack. The incident occurred on April 22, 2020 and affected the email accounts of 47 Service NSW staff members.

Grubman Shire Meiselas & Sacks hit

New York-based Grubman Shire Meiselas & Sacks confirmed that cybercriminals have stolen around 756 GB of private documents and correspondence, belonging to celebrities, from its network. The attackers have demanded $21 million in ransom to stop the release of those documents online.

WA’s subscribers’ data compromised

The personal details of The West Australian subscribers may have been compromised after Seven West Media was targeted by hackers. Reports say that the hackers gained unauthorized access to the company’s subscription administration email by impersonating the administrator of the mailbox.

Magellan Healthcare attacked

Magellan Healthcare was hit by a ransomware attack that led to the theft of personal information from one of its corporate servers. The incident occurred on April 11 after an unauthorized actor gained access to Magellan’s systems through a phishing email sent on April 6.

Top Malware Reported in the Last 24 Hours

Three new malware samples

The US Cyber Command and CISA have released details about three new malware samples used by the North Korean government-backed hacker group, HIDDEN COBRA. These new malware strains are COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. They are being used for phishing and gaining remote access to computers.

New Ramsay malware

A newly discovered malware toolkit called Ramsay was found to be capable of collecting sensitive files from air-gapped systems. It lands on a victim’s computer via a malicious RTF file and scans removable drives and network shares for Word documents, PDF files, and ZIP archives. So far, there are three variants of the malware.

COVID-19 themed phishing

Microsoft has discovered a new COVID-19 themed phishing campaign that targets businesses with the LokiBot trojan. The campaign relies on COVID-19-themed malicious attachments to lure users.

Top Vulnerabilities Reported in the Last 24 Hours

PrintDemon vulnerability

The PrintDemon vulnerability was found to impact all Windows versions released before 1996. The flaw is located in the Windows Print Spooler and can be exploited to hijack Windows systems. A security patch to address the flaw has been issued by Microsoft.

Urgent/11 vulnerability

Siemens informed its customers that some of its low and high voltage power meters are affected by a set of vulnerabilities dubbed Urgent/11. The vulnerability affects 9410 and 9810 series devices that run a firmware version prior to 2.1.1. The vulnerability could allow an attacker to execute a variety of exploits for the purpose of DoS, data extraction, and remote code execution.

SAP fixes six issues

SAP has released fixes for around two dozen critical issues as part of its security patches for the month of May. Some of these flaws are remotely exploitable and require no user interaction. The most critical one of these flaws was CVE-2020-6262, which has a severity score of 9.9 on the CVSS scale.

Buggy Site Kit plugin

A privilege escalation vulnerability in the Site Kit plugin could allow attackers to gain access to the Google Search Console of a targeted site. The plugin is also affected by a flaw that is caused by the disclosure of the proxySetupURL within the HTML source code of admin pages.

Top Scams Reported in the Last 24 Hours

Fraud text message

A fake text message that appears to come from the Chartered Trading Standards Institute (CTSI) was found redirecting recipients to a phishing website, designed to collect their personal information. The message is sent under the pretext of contact-tracing for a person who contracted COVID-19.
