Cyware Daily Threat Intelligence April 11, 2018

Top Malware Reported in the Last 24 Hours
Injectbody/Injectscr plugins evolve
The malicious plugins Injectbody and Injectscr, which were found driving a new wave of WordPress infections in February, are back with an evolved attack vector. They now target the core WordPress JavaScript files: the attackers add their malicious code and then obfuscate the entire file, legitimate code included, so that the infection cannot be cleaned out easily without disrupting site functionality.

Mirai-like scanning activity detected
Researchers have observed an influx of activity from 3,423 scanner IP addresses located in China. The attack behavior resembles that of the Mirai botnet: the infection method involves continuously scanning the internet for vulnerable devices and then using default credentials to hijack them. 167 routers, 16 IP cameras, and 4 digital video recorders (DVRs) were used in the scanning activity.

Top Vulnerabilities Reported in the Last 24 Hours
Wireless Keyboard 850 vulnerability patched
Microsoft has released the April edition of its monthly security update, which fixes a total of 67 CVE-listed vulnerabilities. One of the important patches is for the Wireless Keyboard 850 vulnerability (CVE-2018-8117). The flaw allowed attackers to reuse the keyboard's AES encryption key to record keystrokes or inject malicious commands into a victim's computer.

Spectre Variant 2 patched
AMD has released microcode updates to mitigate exploitation of variant 2 of the Spectre flaws. The update covers AMD processors dating back to the first 'Bulldozer' core products, which were introduced in 2011.

CVE-2018-0950 partially patched
Among all the fixes released by Microsoft in its April edition, the old Outlook vulnerability (CVE-2018-0950) seems not to have been completely patched. After applying the update, system administrators still need to follow further workarounds, such as blocking inbound and outbound SMB connections at the network border and restricting NTLM Single Sign-On (SSO) authentication. The CVE-2018-0950 vulnerability allowed attackers to steal user account passwords and NTLM hashes from Windows computers.
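As an added example that is not part of the original digest, the following Python checks firewall log lines for SMB connections that internal hosts were allowed to make to external addresses, which is exactly the traffic the border-blocking workaround above is meant to stop. The log format, the sample addresses and the RFC 1918 definition of "internal" are assumptions.

```python
import ipaddress
# SMB session ports; an internal host reaching these on an Internet address is what the border block stops.
SMB_PORTS = {445, 139}

# Assumption: "internal" means the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall log lines, not real traffic from the page.
SAMPLE_LOG = """\
2018-04-11T10:02:11Z src=10.0.5.23 dst=10.0.1.7 proto=tcp dport=445 action=allow
2018-04-11T10:02:15Z src=10.0.5.23 dst=203.0.113.44 proto=tcp dport=445 action=allow
2018-04-11T10:02:16Z src=10.0.5.23 dst=203.0.113.44 proto=tcp dport=139 action=allow
2018-04-11T10:03:02Z src=10.0.7.9 dst=198.51.100.10 proto=tcp dport=443 action=allow
2018-04-11T10:03:40Z src=10.0.7.9 dst=198.51.100.10 proto=tcp dport=445 action=deny
"""

def parse_line(line: str) -> dict:
    """Turn 'timestamp k=v k=v ...' into a dict keyed by field name."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec

def is_internal(ip_text: str) -> bool:
    """True when the address falls inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text: str) -> list:
    """Allowed SMB connections from an internal source to an external destination."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("action") != "allow":
            continue  # denied at the border, so nothing left the network
        if int(rec.get("dport", "0")) not in SMB_PORTS:
            continue
        if is_internal(rec["src"]) and not is_internal(rec["dst"]):
            hits.append(rec)
    return hits

def sources_to_review(log_text: str) -> list:
    """Internal hosts that made at least one allowed outbound SMB connection."""
    return sorted({hit["src"] for hit in find_outbound_smb(log_text)})
```

Any host returned by `sources_to_review` reached an Internet address over SMB after the update, so the border rule is either missing or has an exception that needs review.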
