Cyware Daily Threat Intelligence April 18, 2018

Top Malware Reported in the Last 24 Hours
SquirtDanger malware
The Russian malware author TheBottle has developed a commodity botnet malware family called SquirtDanger. The malware is spread via illicit software downloads and persists via a scheduled task that is set to run every minute. SquirtDanger is equipped to take screenshots, send files, clear browser cookies, list processes, and kill processes, among hordes of other tasks.

XiaoBa ransomware has been reprogrammed
Security researchers have recently discovered that the XiaoBa ransomware has been reprogrammed into a cryptocurrency miner. Once it infects a system, the current version of the XiaoBa coinminer injects a copy of itself and the legitimate XMRig cryptocurrency mining software into all EXE, COM, SCR, and PIF files. It also injects a copy of the Coinhive JavaScript library.

Magnitude EK now downloads GandCrab
The Magnitude exploit kit no longer downloads Magniber ransomware. It is now using a fileless technique to load the GandCrab ransomware. The payload is encoded and embedded in a scriptlet that is later decoded in memory and executed, which makes the method difficult to detect.

Top Vulnerabilities Reported in the Last 24 Hours
Vulnerabilities in Mar Foscam IP video camera
Around 32 vulnerabilities have been discovered in the C1, a 1-megapixel cube indoor IP camera in Foscam’s range of IP cameras. These flaws have already been fixed. However, security researchers worry that it is a repeat of what happened last year. In June last year, Foscam released a firmware update to address 19 remote injection vulnerabilities.

VR software vulnerable to attacks
Virtual reality systems like the HTC Vive and Oculus Rift were found to be vulnerable to cyber attacks by researchers from the University of New Haven. These systems don't have any kind of protection to avoid or stop a cyber attack and have the potential to cause real-world consequences.

Top Breaches Reported in the Last 24 Hours
Ikea suffers a data breach
A data breach has hit Ikea's TaskRabbit app. The app and website have been taken down while the cybersecurity incident is investigated. The nature of the incident hasn't been revealed yet. However, the UK’s Information Commissioner’s Office has mentioned that it is looking into the situation.

Data firm leaks user profiles
Localblox, a data firm that collected personal profiles of 48 million by combining data from sites and social networks like Facebook, LinkedIn, Twitter, Zillow, etc., leaked the information online. The company stored the information, without users' consent, in an unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents.


