Cyware Daily Threat Intelligence April 30, 2018

Top Malware Reported in the Last 24 Hours
OSDSoft distributes cryptominers
Security researchers have discovered that OSDSoft, a video download software site, is distributing cryptocurrency miners. The campaign has affected about 6000 machines in just a few months. The miners are updated by tricking users into downloading fake Adobe Flash Player update services. File storage services such as AWS (Amazon Web Services), Dropbox and GitHub are being used to store and distribute the miners.

Zebrocy tool
The Zebrocy tool is an amalgamation of a Delphi downloader, an AutoIt downloader and a Delphi backdoor, and acts as first-stage malware in attacks. The tool has been used extensively by the Russian threat actor Sofacy over the past couple of years as a downloader for the actor’s main backdoor, Xagent. It is generally distributed via malicious email attachments.

Top Vulnerabilities Reported in the Last 24 Hours
Flaw in WebLogic Servers, patched
Hackers are desperately searching for devices running Oracle WebLogic servers in order to exploit the critical vulnerability (CVE-2018-2628) and execute code on remote WebLogic servers. A patch has been released for this flaw, but it was found to be incomplete and there is a way to bypass it.

EOS Smart Contract Vulnerability
A critical vulnerability, similar to the ‘batchOverflow’ bug, was found embedded in the EOS smart contract architecture. The vulnerability works by exploiting lines of code in which the value of the variable ‘amount’ is determined by multiplying the values of the variables ‘cnt’ and ‘value’.

SAP Netweaver flaw
A 13-year-old vulnerability impacted over 90 percent of SAP systems, affecting at least 378,000 users worldwide. This flaw can be exploited by a remote unauthenticated attacker who has network access to the system. To stay safe, users are advised to properly configure SAP Message Server ACL and implement continuous compliance checks for security-relevant configurations.

Top Breaches Reported in the Last 24 Hours
Student loan data breach
The student loan services company Access Group Education Lending was hit by a data breach which resulted in the compromise of files containing personal data of around 16,500 borrowers. The files contained borrowers' names, driver's license numbers and Social Security numbers. The data was inadvertently released by Nelnet, which processes student loans for Access Group.

Zippy’s restaurants involved in a data breach
The Executive Director of the State of Hawaii Office of Consumer Protection (OCP) has started an investigation into a data breach involving Zippy’s Restaurants in Hawaii. It is being speculated that the credit and debit cards used at Zippy’s Restaurants may have been compromised. OCP said that all the affected users will be allowed one free credit report per year.


