Cyware Daily Threat Intelligence April 12, 2018

Top Malware Reported in the Last 24 Hours
IoT devices exploited for botnet operations
At least 65,000 routers have been found compromised by botnet operators and cyber-espionage groups (APTs) and turned into proxy networks used to carry out illegal activities. The attackers abuse the Universal Plug and Play (UPnP) protocol shipped with modern routers to relay malicious traffic through the devices and hide their real location.
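A defender-side audit that follows from this item, added here as an example and not taken from the original digest: a compromised gateway used as a proxy typically carries UPnP port mappings whose internal client is not a host on the LAN. The snippet parses constructed `GetGenericPortMappingEntry` responses (the SOAP action an IGD router answers when its mappings are enumerated by index) and flags mappings that forward to addresses outside an assumed LAN of 192.168.1.0/24.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample responses in the shape a WANIPConnection service returns
# for GetGenericPortMappingEntry; not captured from a real device. Querying a
# live router (one SOAP POST per index until the device returns error 713)
# is left out so the example runs offline.
def _sample_response(internal_client, port, description):
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
   xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{port}</NewExternalPort>
<NewProtocol>TCP</NewProtocol><NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{internal_client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{description}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLE_RESPONSES = [
    _sample_response("192.168.1.20", 32400, "media server"),  # ordinary LAN forward
    _sample_response("198.51.100.77", 8080, "upnp"),          # forwards to a host off the LAN
]

def parse_mapping(xml_text):
    """Extract the fields of one port-mapping entry from a SOAP response."""
    root = ET.fromstring(xml_text)
    get = lambda tag: (root.findtext(f".//{tag}") or "").strip()
    return {
        "external_port": int(get("NewExternalPort")),
        "protocol": get("NewProtocol"),
        "internal_client": get("NewInternalClient"),
        "internal_port": int(get("NewInternalPort")),
        "description": get("NewPortMappingDescription"),
    }

def suspicious_mappings(responses, lan=ipaddress.ip_network("192.168.1.0/24")):
    """Return (mapping, reason) pairs for entries whose target is not on the LAN.

    A mapping whose InternalClient lies outside the local network makes the
    router relay inbound traffic to a third party, which is the proxy pattern
    described above. The LAN prefix is an assumption; adjust it per site.
    """
    flagged = []
    for raw in responses:
        mapping = parse_mapping(raw)
        try:
            client = ipaddress.ip_address(mapping["internal_client"])
        except ValueError:
            flagged.append((mapping, "unparseable NewInternalClient"))
            continue
        if client not in lan:
            flagged.append((mapping, "NewInternalClient outside LAN"))
    return flagged
```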

CoinMiner injects Coinhive JavaScript
Security researchers have noted an increase in activity from the malware variant CoinMiner/CoinMiner-FOZU. The malware mines cryptocurrency by injecting Coinhive JavaScript into HTML files and blocks the domains of security products. It also deletes ISO and GHO (Norton Ghost) image files to prevent victims from restoring clean copies of their systems.

Chthonic banking malware
Hackers are breaching legitimate websites in order to spread Chthonic banking malware, a variant of ZeusVM, to users through fake browser update alerts. This attack method has been in use since December last year. To stay safe, users are advised not to click on unexpected pop-ups asking them to download browser updates.

Top Vulnerabilities Reported in the Last 24 Hours
SAP patches critical flaws
SAP has released its April 2018 Security Patch Day, a collection of 10 security patches that address critical vulnerabilities in the web browser controls of SAP Business Client. The patches also address a DoS flaw (tracked as CVE-2017-7668), an improper session management flaw (CVE-2018-2408) and a code injection vulnerability.

Screen lock bypass vulnerability in iOS
A screen lock bypass flaw has been discovered in the Signal app on iOS in versions prior to 2.23.1.1. The bypass is triggered by a sequence of actions: opening the app, tapping Cancel, and pressing the home button. Users are advised to update to Signal version 2.23.2 to stay safe.

Multiple vulnerabilities in Simple DirectMedia Layer
Several security flaws have been discovered in version 2.0.2 of the Simple DirectMedia Layer SDL2_Image library. The vulnerabilities include CVE-2018-3837, an exploitable information disclosure flaw; CVE-2018-3838, an information disclosure vulnerability in the XCF image rendering functionality; and CVE-2018-3839, a code execution vulnerability.

Top Breaches Reported in the Last 24 Hours
A cyber attack on Islamic State
The United Kingdom has launched a cyber attack campaign against the Islamic State group to hinder its ability to coordinate attacks and to suppress its propaganda. The National Cyber Security Centre (NCSC) and UK law enforcement have also designed a new categorization scheme for cyber attacks in order to improve the consistency and speed of incident response.

A data breach at GWR
Britain's Great Western Rail (GWR) has recently suffered a data breach in which hackers accessed the company's customer accounts. Only 1000 accounts were directly affected out of more than one million. Customers are advised to change their passwords immediately.

Radar and other bridge systems breached
Ethical hacking experts from Naval Dome conducted a simulated penetration test to check how vulnerable shipboard radar systems are. The experts were able to breach the ECDIS, voyage data recorder, and radar systems. The intrusion was carried out so adeptly that it raised no suspicion.
