
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 16, 2020

The perks of Bluetooth technology come with several security risks, and one such threat has been identified by a group of academics. Named Bluetooth Low Energy Spoofing Attacks (BLESA), it affects billions of IoT devices, including smartphones and laptops. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it.

Moreover, researchers have successfully hacked Facebook by exploiting three recently discovered vulnerabilities in MobileIron’s Mobile Device Management system. These flaws were reported to MobileIron in March and a patch was released later.

Top Breaches Reported in the Last 24 Hours

800,000 keys exposed

Researchers have found almost 800,000 access keys and secrets in repositories and files uploaded to GitHub, GitLab, and Pastebin. Over 40% of these keys can grant access to database stores, while 38% can grant access to cloud environments, such as AWS, Google Cloud, and Microsoft Azure.

St. Louis County fends off attack

Earlier this month, St. Louis County prevented a cyberattack launched on its website. Threat actors had mimicked legitimate traffic in an effort to exploit a vulnerability in the website’s management system and deploy a trojan.

LockBit double extortion site launched

The LockBit ransomware gang has launched a new data leak site as part of its double extortion strategy to scare victims into paying a ransom. Since the end of 2019, the gang has adopted the tactic of stealing unencrypted files before encrypting the computers on a network.

Top Malware Reported in the Last 24 Hours

New MrbMiner malware

A new cyber gang named MrbMiner has been found hacking into Microsoft SQL Servers (MSSQL) to install cryptomining malware of the same name. So far, the attackers have infected thousands of MSSQL databases. The infection process includes the download of an assm.exe file to gain persistence and add a backdoor for future access. The backdoor connects with the C2 server and downloads a malicious app designed to mine Monero cryptocurrency.

Top Vulnerabilities Reported in the Last 24 Hours

BLESA flaw

A team of academics has discovered a new Bluetooth Low Energy Spoofing Attacks (BLESA) flaw that affects billions of IoT devices. It exploits a vulnerability that arises from the authentication mechanism used while reconnecting with Bluetooth-enabled devices. Successful exploitation of the flaw can allow threat actors to connect with a device and send spoofed data to it. As of June 2020, while Apple has assigned the CVE-2020-9770 to the vulnerability and fixed it

Vulnerable Nitro PDF reader

Cisco Talos has listed multiple code execution vulnerabilities in the Nitro PDF reader. The flaws are tracked as CVE-2020-6116, CVE-2020-6146, CVE-2020-6112, CVE-2020-6113, and CVE-2020-6115. These flaws affect Nitro Pro PDF versions 13.13.2.242 and 13.16.2.300.

MobileIron’s flaws exploited

Researchers managed to hack into Facebook by exploiting three vulnerabilities in MobileIron’s Mobile Device Management system. The flaws were identified as arbitrary file reading (CVE-2020-15507), remote code execution (CVE-2020-15505), and authentication bypass (CVE-2020-15506).

Top Scams Reported in the Last 24 Hours

New Smishing campaign

A new smishing campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. The fake SMS messages claim to contain information about a USPS package for recipients and ask them to click on a link containing the domain ‘m9sxv[.]info’. The purpose of the campaign is to steal victims’ personal details.
