Cyware Daily Threat Intelligence August 16, 2017

Top Vulnerabilities Reported in the Last 24 Hours
Updates for Microsoft combo exploit
Microsoft has released new updates for a combo exploit campaign. The malicious campaign exploited the vulnerabilities of CVE-2017-0199 and CVE-2012-0158. The hackers apparently used the combo to drop the Lokibot banking Trojan.

Hackers encrypt phishing page with AES
Cybercriminals are sending malicious files camouflaged as an Apple invoice. The attackers have launched a phishing page encrypted with AES and the malicious files sent to the victims lead them to it. The encrypted page asks for users’ Apple credentials, once the victims enter them their personal and financial data would be compromised.

Patch released for Windows WSearch Service Vulnerability
Microsoft’s Windows operating system has been plagued with a search vulnerability. This flaw leverages the SMB vulnerability jeopardizing several machines hosting Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2 and more. Users should disable WSearch temporarily to mitigate the risk.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.