Cyware Daily Threat Intelligence August 21, 2017

Patched Microsoft flaw abused
Hackers have been found to be exploiting the CVE-2017-0199 flaw to deliver malware through PowerPoint Slide Show. However, this security loophole was fixed back in April 2017 for MS-Office. The attacks are specifically targeting electronic manufacturers. Users are advised to patch the software immediately.

Visual Studio flaw deletes files
A software developer recently claimed that his three months of code was deleted from a vulnerability present in Visual Studio. The main reason for the wipe is "control gaps", in addition to the absence of the Git repository. Control gaps should be clearly documented to draw attention. To prevent such a predicament, it is recommended to backup your codes regularly.

WSearch vulnerability courts attacks
A remote code execution flaw has been surfaced in the Window Search feature. The vulnerability is found when Windows search handles objects in memory. An unauthorized hacker can remotely trigger the flaw through an SMB connection and take control of the target computer. To mitigate the security loophole, users are advised to disable WSearch temporarily. HBO leaks continue
The hacker group going by the name “Mr. Smith Group” has continued its stream of HBO data leaks. After the much-hyped leak of Game of Thrones episode 6, it has now revealed HBO’s social media passwords. Also, the group has threatened to release the Game of Thrones finale if their demanded ransom isn’t paid.

Angry gamer behind Dyn assault
The cyberattack that earlier rocked the USA’s internet is now being associated to an angry gamer, which was caused by Mirai botnet. The attack on Dyn, a company that controls most of the DNS infrastructure, in turn, had an immense effect on PlayStation network.

Ex BofA employee accused of insider trading
Daniel Rivas is said to have accessed M&A information and sent it to his friends on more than 50 occasions. Who in turn used the information to buy and sell securities according to the investigation report. To evade detection, the team used code words and encrypted messages to communicate and pass the information amongst themselves.