Cyware Daily Threat Intelligence, August 28, 2019

See All
As the cyberspace becomes dangerous day by day, security experts are leaving no stone unturned to protect critical assets and infrastructures which could be potential targets for cybercriminals. In a major crackdown, Avast, along with the French National Gendarmerie, has disinfected over 850,000 Windows systems by taking down command and control(C2) servers of Retadup malware. This was made possible by the discovery of a design flaw in the C2 communication protocol of the malware by Avast researchers.

A new botnet named Ares was also uncovered in the past 24 hours. The botnet leverages Android Debug Bridge (ADB) for propagation. It affects Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia. ADB can be accessed on TCP port 5555 in three ways via a wired connection, Wi-Fi or over a network or the internet.

Top Breaches Reported in the Last 24 Hours

New Kent County Public Schools attacked
New Kent County Public Schools were subjected to a ransomware cyberattack recently. The ransomware encrypted nearly the entire school network. As the cyberattack encrypted the files located on the school district’s internal hard drives, staff members are unable to access the files, documents, and data they have created. School officials claim that they are working to put an end to the issue before students head back for classes.

Imperva firm suffers an attack
A security incident has been disclosed by the Cyber-security and DDoS mitigation firm Imperva, which affected the users of their Cloud Web Application Firewall (WAF), previously known as Incapsula. A third-party was responsible for notifying them about a data breach that exposed the data of some of their Cloud WAF customers. Customer email addresses, the hashed and salted passwords, and in some cases the API keys and SSL certificates, were among the data that was exposed.

Top Malware Reported in the Last 24 Hours

Ares botnet
Ares is a newly discovered botnet that affects Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia. The botnet leverages vulnerable Android Debug Bridge (ADB) for propagation. This vulnerable ADB can be accessed on TCP port 5555 in three ways via a wired connection, Wi-Fi, or over a network or the internet.

Malicious CamScanner app
A recent report reveals that the widely used CamScanner app contained a trojan dropper named Trojan-Dropper.AndroidOS.Necro.n. The app has more than 100 million downloads worldwide. Upon discovery, Google has removed the app from its Play Store. The trojan dropper included in the app is capable of installing malicious payloads and stealing targets’ data.

Retadup malware C2 servers taken down
Avast, along with the French National Gendarmerie, has taken down the command and control servers of Retadup malware. After gaining access to the infrastructure, they deleted the malware using specific commands. In this manner, they effectively disinfected over 850,000 Windows systems.

China Chopper
China Chopper is a web shell that was used in the massive ‘Operation Soft Cell’ campaign affecting telecommunication providers worldwide. The tool allows malicious actors to remotely control a target system. Researchers note that China Chopper has also been used by some state-sponsored actors such as Leviathan and Threat Group-3390.

Top Vulnerabilities Reported in the Last 24 Hours

Check Point patches a vulnerability
Check Point has patched a privilege escalation vulnerability discovered in its Endpoint Security Initial Client software for Windows. The flaw, tracked as CVE-2019-8461, can allow potential attackers to escalate privileges and execute malicious code using SYSTEM privileges. The flaw can also be abused to evade anti-malware detection by bypassing application whitelisting. Check Point has patched the flaw with the release of Endpoint Security Initial Client for Windows version E81.30.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 29, 2019
Next
Cyware Daily Threat Intelligence, August 27, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.