A new ransomware strain in the InfiniteTear family, named WhiteRose, has been discovered by security researchers. It encrypts files on infected devices and appends the '.WHITEROSE' extension to them. Victims are advised not to pay the ransom: the encryption used by this ransomware has, unusually, been found to be decryptable.
IcedID banking trojan
The IcedID banking trojan, previously distributed by Emotet, has been observed spreading via emails carrying malicious Microsoft Word attachments that contain macros. The trojan is also using the Rovnix malware to infect systems. IcedID employs a minimalist process-injection technique to evade detection.
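The macro-laden Word attachments mentioned above can be triaged cheaply at a mail gateway. The following is an added example, not code from the original briefing or from any vendor: a .docx/.docm file is a ZIP container, and a macro-enabled document stores its VBA code in the `word/vbaProject.bin` part and declares a macro-enabled content type in `[Content_Types].xml`. The check looks for both indicators regardless of the file extension (a .docm renamed to .docx still carries the part). The sample documents are constructed in memory for the demo; legacy binary .doc files are OLE2, not ZIP, and need a different parser.

```python
"""Flag Office Open XML documents that carry a VBA macro project.

Added example (not from the original briefing). Sample documents are
constructed in memory so the script runs offline.
"""
import io
import zipfile

VBA_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def find_macro_indicators(data: bytes) -> dict:
    """Return which macro indicators a document (raw bytes) exhibits."""
    result = {
        "is_zip": False,
        "has_vba_project": False,
        "has_vba_data": False,
        "macro_enabled_content_type": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # legacy OLE2 .doc, or not a document at all
    result["is_zip"] = True
    names = set(zf.namelist())
    result["has_vba_project"] = VBA_PART in names
    result["has_vba_data"] = "word/vbaData.xml" in names
    if "[Content_Types].xml" in names:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_enabled_content_type"] = MACRO_CONTENT_TYPE in content_types
    return result


def has_macros(data: bytes) -> bool:
    """True if either the VBA part or the macro-enabled content type is present."""
    ind = find_macro_indicators(data)
    return ind["has_vba_project"] or ind["macro_enabled_content_type"]


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML document in memory (demo input only)."""
    main_ct = MACRO_CONTENT_TYPE if macro else PLAIN_CONTENT_TYPE
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if macro:
        overrides += (
            '<Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/>'
        )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f"{overrides}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Real vbaProject.bin is an OLE2 stream; a placeholder suffices here.
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("macro-enabled", build_sample(True)), ("plain", build_sample(False))):
        print(label, has_macros(doc), find_macro_indicators(doc))
```

Treat a positive result as a reason to detonate or quarantine, not as proof of malice; plenty of legitimate business documents carry macros, and the check says nothing about what the VBA does.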
A new botnet, called IoTroop, has been built to target the financial sector specifically. Unlike Mirai, it infects vulnerable devices by exploiting software vulnerabilities rather than by logging in with unchanged default administrator credentials. IoTroop has grown to over 13,000 devices, each with a unique IP address.
Microsoft has released a security patch for an exploitable memory-corruption vulnerability in the Microsoft Malware Protection Engine (MMPE). The update is installed automatically on systems where update-management software is configured to approve and distribute engine updates automatically; administrators who manage engine updates manually should confirm the new engine version is in place.
Flaws in Spring Framework apps
Three vulnerabilities have been disclosed in the Spring Framework, the open source framework for Java-based enterprise applications. The first is a remote code execution vulnerability (CVE-2018-1270), the second allows directory traversal attacks (CVE-2018-1271), and the third (CVE-2018-1272) concerns multipart content pollution. Users are advised to upgrade to version 5.0.5 or 4.3.15 to stay safe.
Security flaws in Moxa devices
Two security flaws have been discovered in Moxa products. The first is in the Moxa AWK-3131A 802.11n industrial wireless networking gear; the second is in Moxa's MXview network management software. The first flaw lets an attacker inject command-line instructions, while the second gives access to files on the server that can be leveraged to execute arbitrary code.
Financial institutions are being warned about a new scam involving chip-based debit cards. Scammers intercept newly issued cards in the mail and replace their chips with old ones. How the scammers are pulling this off is not yet known, but officials suspect the involvement of US Postal Service employees.
A new scam is circulating on WhatsApp. Users receive fake messages claiming that Virgin Atlantic is giving away free tickets to mark its 35th anniversary. The message contains a URL that redirects users to a page asking them to answer a few questions designed to collect personally identifiable information. Users are advised to check the spelling of the URL and the domain name carefully before clicking on it.
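The advice to "check the domain" can be applied mechanically, and doing so catches the tricks that fool a quick visual check. The following is an added example, not code from the original briefing: it extracts the registrable domain from a link, rejects `user@host` URLs where the text before the `@` is not the destination, flags internationalised or punycode hostnames that can hide homoglyphs, and treats a trusted brand name appearing as a subdomain or path component as a lookalike. The trusted-domain list and the sample links are assumptions constructed for the demo; the public-suffix table is deliberately short and a production check should use the full Public Suffix List.

```python
"""Classify a link as trusted, lookalike or unrelated to an expected brand.

Added example (not from the original briefing). The allow-list and the
sample links below are constructed for the demo.
"""
from urllib.parse import urlsplit

# Assumed allow-list for the demo; not taken from the original page.
TRUSTED_DOMAINS = {"virginatlantic.com"}

# A few multi-label public suffixes. A production check would consult the
# full Public Suffix List instead of this short table.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the owner-controlled part of a hostname (e.g. 'example.co.uk')."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_terms(trusted) -> set:
    """'virginatlantic.com' -> 'virginatlantic': the string scammers reuse."""
    return {d.split(".")[0] for d in trusted}


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a URL string."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""  # lower-cased; userinfo and port stripped
    if not host:
        return "unrelated"
    # 'brand.com@evil.example': the part before '@' is credentials, not the host.
    if parts.username is not None:
        return "lookalike"
    # Non-ASCII or punycode labels can hide homoglyphs (e.g. Cyrillic 'а').
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    if registrable_domain(host) in trusted:
        return "trusted"
    # Brand name reused as a subdomain or in the path/query of another domain.
    haystack = host + parts.path.lower() + parts.query.lower()
    if any(term in haystack for term in brand_terms(trusted)):
        return "lookalike"
    return "unrelated"


# Constructed sample links for the demo (not real campaign indicators).
SAMPLE_LINKS = [
    "https://www.virginatlantic.com/offers",
    "http://virginatlantic.com.free-anniversary-tickets.xyz/win",
    "http://virginatlantic.com@198.51.100.7/",
    "https://free-tickets.example/virginatlantic",
    "https://example.org/",
]


def triage(links) -> dict:
    """Map each link to its classification."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

The hostname comparison is done on the registrable domain rather than on the full host, so `www.virginatlantic.com` is accepted while `virginatlantic.com.free-anniversary-tickets.xyz` is not; the brand-term search is intentionally aggressive and will flag some unrelated sites, which is the right trade-off for a link-warning filter.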
Posted on: April 06, 2018