Cyware Daily Threat Intelligence April 06, 2018

Top Malware Reported in the Last 24 Hours
WhiteRose ransomware
A new ransomware belonging to the Infinite Tear ransomware family, called WhiteRose ransomware, has been discovered by security researchers. The ransomware was discovered infecting devices and encrypting files by attaching '.WHITEROSE' extension. Users are advised to avoid paying a ransom, as this ransomware is surprisingly decryptable.

IcedID banking trojan
The IcedID banking trojan, which used Emotet to distribute itself, has been noticed spreading via emails with attached malicious Microsoft Word documents containing Macros. The trojan is also using the Rovnix malware to infect systems. IcedID employs a minimalist process injection technique to avoid detection.

IoTroop botnet
A new botnet, called IoTroop, has been designed by hackers in order to specifically target the financial sector. Unlike Mirai, this botnet attempts at infecting vulnerable devices by exploiting vulnerabilities and not via unchanged administrator credentials. IoTroop has over 13,000 devices—each with a unique IP address.

Top Vulnerabilities Reported in the Last 24 Hours
Microsoft patches RCE flaw
The security patch for the exploitable memory corruption vulnerability in the Microsoft Malware Protection Engine (MMPE) has been released. The update gets automatically installed in systems with update management software configured to automatically approve and distribute engine updates.

Flaws in Spring Framework apps
The open source framework for Java-based enterprise applications, Spring Development Framework, was discovered with three vulnerabilities. One is a remote code execution vulnerability (CVE-2018-1270), the second one allows hackers to execute directory traversal attack (CVE-2018-1271), the third one is dubbed CVE-2018-1272. Users are advised to install versions 5.0.5 and 4.3.15 to stay safe.

Security flaws in Moxa devices
Two security flaws have been discovered in Moxa devices. The first flaw is found in the Moxa AWK-3131A 802.11n industrial wireless networking gear and the second resides in Moxa’s MXview network management software. Hackers can exploit these flaws to inject command-line instructions and access the files to execute arbitrary code on the server, respectively.

Top Scams Reported in the Last 24 Hours
Chip card scam
Financial institutions are being warned about a new scam involving the theft of chip-based debit cards. Scammers are intercepting the new debit cards in the mail and replacing their chips with old ones. How are scammers managing to pull off this act is not known yet. However, officials are suspecting the involvement of US postal service employees.

WhatsApp scam
A new scam is being perpetrated on WhatsApp. Users are receiving fake messages that Virgin Atlantic is giving away free tickets on the eve of its 35th anniversary. The message contains a URL, clicking on which redirects the users to a page asking them to fill out few questions related to victim's personally identifiable information. To stay safe, users are advised to cross-check the spelling of the URL and the domain address before clicking on it.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.