Cyware Daily Threat Intelligence April 26, 2018

Top Malware Reported in the Last 24 Hours
Crossrider adware variant
A new variant of the Crossrider adware was discovered infecting Mac devices. Researchers have found that this variant uses a unique method for maintaining persistence. The malware forces Safari and Chrome to redirect users to chumsearch[dot]com, and this behavior cannot be changed from the browsers' settings.

Metamorfo campaigns
A new stream of financial malware campaigns targeting Brazilian companies was discovered. Dubbed Metamorfo, the campaigns abuse legitimate, signed binaries to load the malicious code. They use phishing emails containing links to legitimate or compromised domains to distribute the malware. In some cases a shortened URL redirects the user to an online storage site that hosts a malicious ZIP file.

HPE Integrated Lights-Out (iLO 4) targeted
Hackers are targeting the hard drives of Internet-accessible HPE Integrated Lights-Out (iLO 4) remote management interfaces, infecting the systems with ransomware and demanding payment in Bitcoin. Users are advised to keep remote administration tools such as iLO 4 off the internet to stay safe from such attacks.

Top Vulnerabilities Reported in the Last 24 Hours
Updates for Windows 10
Microsoft has released security patches for all supported versions of Windows 10. These patches contain fixes for the Total Meltdown vulnerability, which was introduced by cumulative updates released for Windows 7 and Server 2008 R2. Microsoft also released KB 4078407 as a software-side fix for Spectre variant 2.

Critical bug in Hikvision
An authentication bypass flaw was discovered in Hikvision’s hik-connect[.]com. When exploited, this flaw could allow hackers to hijack cameras, DVRs, and accounts. The vulnerability also allows attackers to monitor user devices and view live video and playback from them, without the user having the slightest hint that someone else is watching.

Top Breaches Reported in the Last 24 Hours
Sensitive data of Bezop users left open
Around 25,000 investors in the Bezop cryptocurrency had their data stolen due to an unsecured MongoDB instance. Exposed data included names, addresses, encrypted passwords, copies of driver's licenses and passports, and wallet information. The organization behind the currency secured the data as soon as it was notified.
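As an added illustration (not part of the Cyware digest, which does not say how the Bezop database was exposed), the two mongod.conf fragments below contrast the typical "unsecured MongoDB" configuration behind incidents of this kind with a hardened baseline. The interface address and certificate path are placeholders, not values from the report.

```yaml
# --- Weak: the classic unsecured MongoDB exposure (constructed example) ---
# Listens on every interface with authorization disabled, so anyone who can
# reach TCP/27017 can enumerate and dump every collection without credentials.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
---
# --- Hardened baseline (constructed example) ---
net:
  port: 27017
  # Bind only to loopback and the application-facing interface
  # (10.0.1.5 is a placeholder address)
  bindIp: 127.0.0.1,10.0.1.5
  tls:
    # Require TLS so credentials and records do not cross the wire in clear text
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem   # placeholder path
security:
  # Role-based access control: every client must authenticate before reading data
  authorization: enabled
```

Enabling `authorization` on its own is not enough: an administrative user must be created before clients can connect, and the listening address should additionally be restricted with a host or network firewall so the database is never reachable from the public internet. Those are general MongoDB hardening steps, not details taken from the digest.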

New Jersey school employees lose data
A privacy breach at Irvington Public Schools in New Jersey exposed partial Social Security numbers of 1,200 employees. The incident occurred after an email containing the details was sent to an undetermined number of recipients. The email included names and Social Security numbers.

Amazon Traffic Hijacked
Traffic to multiple Amazon cloud services was hijacked, redirecting users to malicious websites. About 13,000 IP addresses were exploited to carry out this attack. Hackers also directed traffic from MyEtherWallet to a fake page to siphon cryptocurrency from users. About $27 million worth of cryptocurrency was stolen in this attack.
