Cyware Daily Threat Intelligence April 10, 2018

PUBG ransomware
A new ransomware, going by the name PUBG ransomware, was discovered by security researchers. The ransomware employs a unique way of decrypting files--by asking victims to play the game called PlayerUnknown's Battlegrounds. The ransomware appends the '.PUBG' extension to the encrypted file name.

FormBook malware
The new FormBook malware is exploiting behavioral design flaws in .docx and RTF and the CVE-2017-8570 flaw in order to infect a system. Security tools are bypassed by use of embedded URLs instead of active code. Once infecting a system, the malware takes screenshots and steals personally identifiable information.

Ransomware attacks continue
An increase in ransomware attacks across the world has been observed by the National Cybersecurity and Communications Integration Center (NCCIC). Organizations are advised to strictly maintain cyber security hygiene--such as regularly updating systems, creating frequent backups etc--in order to stay safe from such attacks. SirenJack Flaw
A flaw has been discovered in the popular emergency alert system supplied by ATI systems. Exploiting this flaw could allow hackers to hijack the sirens and trigger false alarms. This exploitation is done via radio frequencies and hackers will have to be in radio range in order to carry out the exploitation.

Critical vulnerability in CyberArk
A remote code execution (RCE) flaw, dubbed CVE-2018-9843, has been discovered in the CyberArk Enterprise Password Vault application, that would allow hackers to gain unauthorized access to the system with the privileges of the web application. To stay safe, users are advised upgrade their software to version 9.9.5, 9.10 or 10.2. Vevo’s YouTube account hacked
The YouTube account of Vevo was hacked by cyber criminals, who deleted their most watched music video on YouTube, ‘Despacito’. The video was unavailable on YouTube for over an hour but is back again. Hackers behind this attack called themselves Prosox & Kuroi’SH and wrote ‘Free Palestine’ underneath the videos.

St Maarten Government ICT hit
A cyber attack hit the government organization of Sint Maarten, resulting in a complete shut down of the ICT-system in the government building. The building has also been closed down and services dealing with the public are not yet operational.

AU website hacked, again!
The official website of Andhra University (AU) was hacked by a Pakistani hacker who has previously defaced many Indian government sites. Even though the site has been since restored, it is still not properly visible to visitors.