2017-7-10 Global Cyber Attack Reports

TOP ATTACKS AND BREACHES

• Security researchers have found an unsecured Amazon S3 server belonging to the World Wrestling Entertainment (WWE), which led to the possible exposure of sensitive data of over 3 million registeredusers. The researchers have also found a second database that included statistical marketing data.
• The South Korean cryptocurrency exchange, Bithumb, has suffered a security breach in which threat actors have managed to steal sensitive information of the firm’s customers including email addresses. The threat actors have tricked the users into giving them their credentials, consequently stealing hundreds of thousands of dollars’ worth of Bitcoin and Ethereum.
• A security breach has led to the theft of sensitive information of few Google employees. In this attack the threat actors have managed to hack the reservation system that is used by a travel agency which provides the hotel arrangements for Google employees for their work travel.
• A wide phishing campaign against the new website of China Digital Times has been discovered by security researchers. The threat actors used fake web pages and phishing emails attempting to lure the employees into typing their credentials and steal them.
• Reckitt Benckiser, a worldwide producer specializing in health, hygiene and home products, has fallen victim to the Not Petya attack. The firm experienced major production difficulties and was unable to ship orders for its customers.
• WikiLeaks have released leaked manuals for two CIA Hacking tools built to steal SSH credentials. The first, dubbed BothanSpy, is designed for the Windows OS and the second, dubbed Gyrfalcon, is designed for the Linux OS.

VULNERABILITIES AND PATCHES

• A security researcher has found a new flaw in Android and IOS devices which allowed exploiting a vulnerability (CVE-2017-3544) in Broadcom Wi-Fi chips that are embedded in millions of mobile devices. Google has addressed a patch for the vulnerability in its latest security patch release.
• Security researchers have found a high severity vulnerability in Dell EMC Data Protection Advisor (CVE- 2017-4976) and a blind SQL injection flaw (CVE-2017-8002) in Dell EMC ESRS Policy Manager products.
• Cisco has addressed 7 new vulnerabilities, 3 of them found in the Ultra Services Framework and Elastic Services Controller products.
• Joomla has released version 3.7.3, fixing vulnerabilities that exist in websites running older versions. Check Point IPS provides protection against this threat (Joomla Core Sterilizer Cross-Site Scripting Filter Privilege Escalation; Joomla Core HTML ttributes Cross-Site Scripting Filter Privilege Escalation)

THREAT INTELLIGENCE REPORTS

• A new Android Malware, dubbed CopyCat, has been discovered by the Check Point Mobile Research Team. According to the report, the malware infected 14 million Android devices, mainly in the Southeast Asia, and earned its authors approximately $1.5M. Check Point Anti-Bot provides protection against this threat Trojan.AndroidOS.CopyCat.*)
• Check Point’s researchers have published a technical report regarding the subtitle attack vector that they found in prominent streaming platforms such as Kodi (XBMC), PopcornTime and more. Check Point IPS provides protection against this threat (Kodi Open Subtitles Addon Remote Code Execution; Popcorn Time Subtitles Remote Code Execution; VLC ParseJSS Null Skip Subtitle Remote Code Execution; Stremio Subtitles Remote Code Execution)
• A new analysis report has been published by the Check Point research team, providing the findings regarding Petya’s Kernel (DoublePulsarV2.0) analysis. Check Point IPS, Anti-Bot and Anti-Virus blades provide protection against this threat (Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144); Microsoft Windows SMB Information Disclosure (MS17-010: CVE-2017-0147); Microsoft Windows DoublePulsar SMB Remote Code Execution; Petya Ransomware Lateral Movement Remote Code Execution; Microsoft Windows EternalBlue SMB Remote Code Execution; Operator.Petya)
• An analysis of the new “Azer” variant of the CryptoMix Ransomware has been released. According to security researchers, there are a few changes in the new variant, such as new ransom note and a completely offline operation. Check Point Anti-Bot and Anti-Virus blades provide protection against this threat (Trojan-Ransom.Win32.CryptoMix.*)