Cybersecurity Weekly: Kupidon ransomware, WordPress attack, eCh0raix ransomware

June 8, 2020 by Sam Fay

Kupidon is the latest ransomware targeting your data. An attack targeted database credentials on 1.3 million WordPress sites. The ongoing eCh0raix ransomware campaign targets QNAP NAS devices. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Kupidon is the latest ransomware targeting your data

First spotted by researchers on May 9 after being uploaded to ID-Ransomware, Kupidon quickly increased distribution and victims started streaming into the ransomware identification site. This ransomware is targeting both personal users and businesses, most likely through exposed remote desktop servers.


2. Attack targeted database credentials on 1.3 million WordPress sites

The attack took place between May 29 and May 31 and was stopped by the Wordfence Firewall, which blocked more than 130 million attacks. The attacks from this campaign accounted for 75 percent of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.


3. Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix ransomware launched a new campaign targeting QNAP storage devices. The threat actors are gaining access to QNAP devices through known vulnerabilities or by brute-forcing weak passwords used on the device.


4. Two critical flaws in Zoom could let attackers hack systems via chat

This latest Zoom security warning is about two newly discovered critical vulnerabilities. Last week, cybersecurity researchers discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely.


5. Critical VMware Cloud Director flaw lets hackers take over corporate servers

Cybersecurity researchers disclosed details for a new vulnerability in VMware’s Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. The code injection flaw could be abused by an authenticated attacker to execute arbitrary code.


6. New USBCulprit espionage tool steals data from air-gapped computers

A threat actor developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage. The APT, known as Cycldek, Goblin Panda or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics and procedures.


7. CPA Canada discloses data breach affecting 329,000 individuals

Last week, Chartered Professional Accountants of Canada disclosed a cyberattack against the CPA Canada website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders. The organization said passwords and full credit card numbers were also exposed in the incident.


8. 100,000 company inboxes hit with voice message phishing

Attackers have been pounding employee inboxes at companies that still use PBX telephone systems for communication, delivering phishing that bypasses email defenses. The messages pretended to be voicemail notifications from PBX integrations and featured custom subject lines to pass a superficial legitimacy test.


9. Skimmer gang touted by KrebsOnSecurity stole $1.2 billion

According to the OCCRP, the gang’s skimming devices allowed thieves to clone victims’ payment cards, which were used to withdraw funds from ATMs in other countries, often halfway around the world in places like India, Indonesia and Taiwan. Investigators say each skimmer captured about 1,000 cards per month.


10. Recently patched SAP ASE flaws could let attackers hack database servers

A new set of critical vulnerabilities in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws reside in Sybase Adaptive Server Enterprise, relational database management software geared towards transaction-based applications.
