Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 16, 2020
The convenience of Bluetooth technology comes with several security risks, and a group of academics has identified one such threat. Named Bluetooth Low Energy Spoofing Attacks (BLESA), it affects billions of IoT devices, including smartphones and laptops. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it.
Moreover, researchers have successfully hacked Facebook by exploiting three recently discovered vulnerabilities in MobileIron’s Mobile Device Management system. These flaws were reported to MobileIron in March and a patch was released later.
Top Breaches Reported in the Last 24 Hours
800,000 keys exposed
Researchers have found almost 800,000 access keys and secrets in repositories and files uploaded to GitHub, GitLab, and Pastebin. Over 40% of these keys can grant access to database stores, while 38% can grant access to cloud environments, such as AWS, Google Cloud, and Microsoft Azure.
St. Louis County fends off attack
St. Louis County prevented a cyberattack earlier this month that was launched on its website. Threat actors had mimicked legitimate traffic in an effort to exploit a vulnerability in the website’s management system and deploy a trojan.
LockBit double extortion site launched
The LockBit ransomware gang has launched a new data leak site as part of its double extortion strategy to scare victims into paying a ransom. Since the end of 2019, the gang has adopted the tactic of stealing unencrypted files before encrypting the computers on a network.
Top Malware Reported in the Last 24 Hours
New MrbMiner malware
A new cyber gang named MrbMiner has been found hacking into Microsoft SQL Servers (MSSQL) to install cryptomining malware of the same name. So far, the attackers have infected thousands of MSSQL databases. The infection process includes the download of an assm.exe file to gain persistence and add a backdoor for future access. The backdoor connects to the C2 server and downloads a malicious app designed to mine Monero cryptocurrency.
Top Vulnerabilities Reported in the Last 24 Hours
BLESA flaw
A team of academics has discovered a new Bluetooth Low Energy Spoofing Attacks (BLESA) flaw that affects billions of IoT devices. It exploits a vulnerability that arises from the authentication mechanism used while reconnecting with Bluetooth-enabled devices. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it. As of June 2020, while Apple has assigned the CVE-2020-9770 to the vulnerability and fixed it
Vulnerable Nitro PDF reader
Cisco Talos has listed multiple code execution vulnerabilities in the Nitro PDF reader. The flaws are tracked as CVE-2020-6116, CVE-2020-6146, CVE-2020-6112, CVE-2020-6113, and CVE-2020-6115. These flaws affect Nitro Pro PDF versions 13.13.2.242 and 13.16.2.300.
MobileIron’s flaws exploited
Researchers managed to hack into Facebook by exploiting three vulnerabilities in MobileIron’s Mobile Device Management system. The flaws were identified as arbitrary file reading (CVE-2020-15507), remote code execution (CVE-2020-15505), and authentication bypass (CVE-2020-15506).
Top Scams Reported in the Last 24 Hours
New Smishing campaign
A new smishing campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. The fake SMS messages claim to contain information about a USPS package for recipients and ask them to click on a link containing the domain ‘m9sxv[.]info’. The purpose of the campaign is to steal victims’ personal details.