
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 4, 2019

Vulnerable plugins pose a serious threat because they can be abused to deliver malware or steal sensitive information from websites. Security researchers have uncovered a massive ongoing malvertising campaign targeting millions of WordPress sites. The campaign, which has been active since July 2019, is carried out by exploiting vulnerabilities in popular plugins such as Bold Page Builder, Bold Designer, Live Chat with Facebook Messenger, and WP Live Chat Support.

The past 24 hours also saw the emergence of a new malware downloader and a new toolkit. While the Domen social engineering toolkit displays fake browser and software update alerts on compromised sites, the Ostap malware downloader arrives as a Microsoft Word 2007 macro-enabled document that fetches its payloads onto victims' machines.

Top Breaches Reported in the Last 24 Hours

Providence Health Plan data breached

Providence Health Plan is notifying as many as 122,000 health plan members that their insurance information may be at risk. The incident came to light after Providence Health Plan was notified by Dominion National of possible unauthorized access. Dominion National and Providence Health Plan have no evidence that any information was viewed, accessed, or misused.

Russell Stover Chocolates affected

Russell Stover Chocolates, LLC recently became aware of a data security incident that potentially affected the payment cards of some customers. The incident occurred after attackers gained access to Russell Stover's PoS systems by installing malware. The firm has notified law enforcement about the incident.

Top Malware Reported in the Last 24 Hours

Millions of WordPress sites targeted

Cybercriminals have targeted millions of WordPress sites in a massive malvertising campaign. They have pulled off the campaign by exploiting vulnerabilities in some of the most popular plugins, such as Bold Page Builder, Bold Designer, Live Chat with Facebook Messenger, and WP Live Chat Support.

Domen toolkit

A newly discovered social engineering toolkit, Domen, has been found infecting users' machines with malware. The toolkit displays fake browser and software update alerts on compromised sites, supports alerts in 30 different languages, and is designed to target both desktop and mobile users.

Ostap downloader

Threat actors are increasingly using a new malware downloader, Ostap, to deliver the Trickbot trojan. The downloader is distributed by email as a Microsoft Word 2007 macro-enabled document containing two components: a VBA macro and JScript. The emails are themed as purchase orders, suggesting that the campaigns target businesses rather than individuals.
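A quick static triage of the kind of delivery document described above, as an added example that is not Cyware's code or anything from the Ostap campaign. A macro-enabled Word file is a zip container, so the presence of a VBA project can be checked without opening the file in Word. The marker strings scanned for and the minimal sample documents built by `build_sample` are assumptions for illustration; real `vbaProject.bin` module streams are compressed, so the string scan is only a cheap first pass and a proper analysis would decompress them.

```python
import io
import zipfile

# Content type OOXML assigns to the main part of a macro-enabled Word document.
MACRO_ENABLED_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = (
    "application/vnd.openxmlformats-officedocument"
    ".wordprocessingml.document.main+xml"
)
VBA_PROJECT_PART = "word/vbaProject.bin"

# Heuristic markers (an assumption, not a signature): auto-run entry points
# and the scripting host a downloader macro commonly hands off to.
MARKERS = (b"AutoOpen", b"Document_Open", b"WScript.Shell", b"JScript")


def triage_docx(data: bytes) -> dict:
    """Static triage of an in-memory OOXML Word file. Nothing is executed."""
    result = {
        "is_zip": False,
        "macro_enabled_content_type": False,
        "has_vba_project": False,
        "suspicious_strings": [],
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_zip"] = True
    names = set(zf.namelist())

    # The package manifest declares whether the main part is macro-enabled.
    if "[Content_Types].xml" in names:
        manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_enabled_content_type"] = MACRO_ENABLED_MAIN in manifest

    # The VBA project is an ordinary part inside the zip; its presence alone
    # is the strongest indicator, independent of what the manifest claims.
    if VBA_PROJECT_PART in names:
        result["has_vba_project"] = True

    # Cheap string scan across every part (document.xml may carry embedded
    # script text; the VBA blob only if a module is left uncompressed).
    for name in names:
        blob = zf.read(name)
        for marker in MARKERS:
            if marker in blob and marker.decode() not in result["suspicious_strings"]:
                result["suspicious_strings"].append(marker.decode())
    return result


def verdict(data: bytes) -> str:
    """Collapse the triage result into a single label for a mail gateway rule."""
    r = triage_docx(data)
    if not r["is_zip"]:
        return "not-ooxml"
    if r["has_vba_project"] or r["macro_enabled_content_type"]:
        return "macro-enabled"
    return "no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped container for testing (not a valid
    Word document; constructed sample input, not a real attachment)."""
    main_ct = MACRO_ENABLED_MAIN if with_macro else PLAIN_MAIN
    manifest = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", manifest)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder blob standing in for a VBA project with an AutoOpen
            # entry point that spawns WScript.Shell.
            zf.writestr(VBA_PROJECT_PART, b"\x00AutoOpen\x00WScript.Shell\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro", build_sample(True)), ("plain", build_sample(False))):
        print(label, verdict(sample), triage_docx(sample)["suspicious_strings"])
```

Because the check keys on the `vbaProject.bin` part rather than the file extension, a `.docm` renamed to `.docx` is still caught; the content-type check is kept as a second signal because some tooling writes the manifest correctly even when the part name is unusual.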

Phishing campaign

Researchers from Cofense have spotted a new phishing campaign that uses SharePoint sites to bypass secure email gateways and target banks with phishing URLs. The emails are sent from compromised accounts, asking the targets to review a legal assessor's proposal via a URL embedded within the message. The URL links to an attacker-controlled SharePoint site.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Zyxel devices

Multiple security vulnerabilities have been discovered in various Zyxel devices. The flaws stem from the use of unauthenticated DNS requests and hardcoded FTP credentials. One of the flaws affects Zyxel security and networking devices in the USG, UAG, ATP, VPN, and NXC product lines. Updates fixing the issues were released at the end of August.

Vulnerable Epignosis eFront

Two serious vulnerabilities have been found in Epignosis eFront. The first could allow an attacker to remotely execute code on the victim system; the second exposes it to SQL injection. Epignosis has addressed both issues in eFront version 5.2.13.
