Threat Intel: Thursday, May 2

Welcome to another weekly Threat Intelligence Roundup!

Each week we’ll cover the latest on emerging threats, trends, and top security practices. Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

NAS devices exposed to RCE via backdoor account

A critical vulnerability (CVSS 9.8) in D-Link NAS devices is being exploited to deploy a Mirai variant and enlist the devices into existing botnets for future DDoS attacks. More than 92,000 affected D-Link NAS devices are currently exposed on the internet. Because the flaw involves a backdoor account, changing the administrator password does not close it: affected devices should be taken off the internet (no port forwarding or remote management exposure) until a fix from the vendor is applied.

GitHub Flaw Exploited for Malware Distribution!

Cybercriminals are abusing GitHub's comment file-upload feature: a file attached to a comment on a commit or issue is hosted at a URL under the repository's own name, so a malware download can appear to come from a trusted project even though the project never published it. Treat a github.com download link as trustworthy only when it points at the repository's releases or source tree, not at a file attached to a comment.

This week’s roundup:

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Dropbox Sign was recently breached. Although more sensitive data such as hashed passwords was compromised only for a subset of users, every Dropbox Sign user was affected to some degree. Dropbox Sign users should change their password and monitor their accounts for suspicious activity.

New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

Brokewell has emerged as a significant threat to Android users. It is delivered through fake browser update pages that masquerade as a new version of Google Chrome; once installed it can capture every event on the device. Keep Android and its apps up to date, and never install a browser update offered by a web page: on Android, Chrome updates only through Google Play, so an APK download prompt from a website is a red flag.

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

A critical vulnerability in the WP Automatic plugin for WordPress is being actively exploited. It allows attackers to create administrator accounts and take over the site. Review your installed plugins; if a vulnerable version of WP Automatic is present, update it immediately or remove it, and check the site for administrator accounts you did not create.
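As an added example (not from the original roundup or from the plugin vendor), here is a POSIX shell check that reads the output of `wp plugin list --format=csv` and flags an installed WP Automatic version older than the patched release. The plugin slug `wp-automatic`, the patched version `3.92.1`, and the sample plugin list are assumptions for illustration; confirm the slug and the fixed version against the vendor advisory before relying on them.

```shell
#!/bin/sh
# Added example, not part of the original roundup or of the WP Automatic plugin.
# Flags a vulnerable WP Automatic install from `wp plugin list` output.
# ASSUMPTIONS (verify against the vendor advisory): plugin slug and fixed version.
PLUGIN_SLUG="${PLUGIN_SLUG:-wp-automatic}"
FIXED_VERSION="${FIXED_VERSION:-3.92.1}"

# version_lt A B: exit 0 when dotted numeric version A is older than B.
# Pure POSIX sh, so it does not depend on `sort -V` being available.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"          # leading component of each
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai:-0}"; bi="${bi:-0}"          # 3.9 compares as 3.9.0
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1                                  # equal is not "less than"
}

# check_plugin SLUG FIXED: reads `wp plugin list --format=csv` rows
# (name,status,update,version) on stdin and prints one word:
#   VULNERABLE  installed version is older than FIXED (active or not: the
#               files of an inactive plugin are still on disk and may be
#               directly reachable)
#   OK          installed version is FIXED or newer
#   ABSENT      plugin not installed
check_plugin() {
    slug="$1"; fixed="$2"; result="ABSENT"
    while IFS=, read -r name status update version; do
        [ "$name" = "$slug" ] || continue
        if version_lt "$version" "$fixed"; then
            result="VULNERABLE"
        else
            result="OK"
        fi
    done
    echo "$result"
}

# Constructed sample of `wp plugin list --format=csv` output (not real data).
SAMPLE_PLUGIN_LIST='name,status,update,version
akismet,active,none,5.3
wp-automatic,active,available,3.92.0'

# demo_check: run the check over the constructed sample (prints VULNERABLE).
demo_check() {
    printf '%s\n' "$SAMPLE_PLUGIN_LIST" | check_plugin "$PLUGIN_SLUG" "$FIXED_VERSION"
}

# Against a live site (run from the WordPress root as the web user):
#   wp plugin list --format=csv --fields=name,status,update,version \
#       | check_plugin "$PLUGIN_SLUG" "$FIXED_VERSION"
# Then look for administrator accounts you did not create:
#   wp user list --role=administrator --fields=ID,user_login,user_email,user_registered
if [ "${1:-}" = "--demo" ]; then demo_check; fi
```

Run the script with `--demo` to see the check over the constructed sample; against a real site, pipe the live `wp plugin list` output into `check_plugin` as shown in the comments, and follow up with the `wp user list` query so that a rogue administrator account is caught even when the plugin has already been updated or removed.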

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

According to the CEO's testimony, the threat actors gained access with stolen credentials for a Citrix remote-access portal that did not have multi-factor authentication enabled. From there they moved laterally through the environment and stole data. Every externally reachable remote-access service should require MFA, since a password alone is exactly what a credential theft defeats.

New Cuttlefish malware infects routers to monitor traffic for credentials

Cuttlefish is a malware family that targets both enterprise and small office/home office (SOHO) routers. It infiltrates a router and monitors the traffic passing through it for authentication details and other sensitive data, which it then exfiltrates beyond the network edge. Edge devices have proven to be a major target this year, so securing them matters more than ever: inventory and update all edge devices, paying close attention to software that is end-of-life.
