Cyware Daily Threat Intelligence December 05, 2017

Top Malware Reported in the Last 24 Hours
Shadow ransomware
Recently, a new variant of the BTCWare ransomware has been discovered that spreads by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files.

Ramnit Trojan
The malicious program — Ramnit Trojan — that has been active since 2015 is now delivered through Seamless campaign. It is one of the most prolific malvertising chains pushing the RIG exploit kit.

Test Cryptomix ransomware
Security researchers have identified a new variant of the CryptoMix ransomware, dubbed ‘Test Cryptomix’, which appends the .TEST extension to encrypted files and changes the contact emails used by the ransomware. It encrypts the data like CryptoMix but with added variations. The attackers are spreading ransomware using malicious notification or download buttons, or via P2P networks.

Top Vulnerabilities Reported in the Last 24 Hours
Cisco’s Data Center Network Manager flaws
The Cisco’s software has been found to be plagued with five medium-rate vulnerabilities that could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content, or conduct a cross-site scripting, (XSS) attack against a user of the affected software.

RSA fixes two critical bugs
A flaw that caused authentication bypass in RSA Authentication Agent for Apache Web Server was a known critical bug. This along with an inherited bug are plugged now. RSA developers and admins are advised to patch these critical bugs.

Siemens SWT 3000 flaw
SWT3000 devices are affected by the authentication-bypass vulnerability. The flaw could allow attackers to perform a denial-of-service attack under certain conditions. The flawed devices allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic.

Top Breaches Reported in the Last 24 Hours
Tio networks breached
TIO Networks, the Canadian company, was recently acquired by PayPal. It’s in the news lately because it suffered a breach that resulted in leakage of stored information for 1.6 million customers. The intruder(s) got access to personally-identifiable information (PII) and financial details of both TIO customers and TIO billers.

APT-19 targets Australian law firms
APT-19, the Chinese hacking group are now found to be targeting Australian law firms which have sensitive information valuable to corporate bodies. They have also been successful in hacking an Australian research body. The origin of these Chinese hackers still remains unclear.

Telnet passwords leaked
Recently, the security researchers have found that at least half of the Serial-to-Ethernet devices manufactured by Lantronix could potentially leak the Telnet passwords. A vulnerability found in these devices is allowing attackers to retrieve the setup config of Lantronix devices by sending a malformed request on port 30718.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.