Cyware Daily Threat Intelligence December 05, 2017

Shadow ransomware
Recently, a new variant of the BTCWare ransomware has been discovered that spreads by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files.

Ramnit Trojan
The malicious program — Ramnit Trojan — that has been active since 2015 is now delivered through Seamless campaign. It is one of the most prolific malvertising chains pushing the RIG exploit kit.

Test Cryptomix ransomware
Security researchers have identified a new variant of the CryptoMix ransomware, dubbed ‘Test Cryptomix’, which appends the .TEST extension to encrypted files and changes the contact emails used by the ransomware. It encrypts the data like CryptoMix but with added variations. The attackers are spreading ransomware using malicious notification or download buttons, or via P2P networks. Cisco’s Data Center Network Manager flaws
The Cisco’s software has been found to be plagued with five medium-rate vulnerabilities that could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content, or conduct a cross-site scripting, (XSS) attack against a user of the affected software.

RSA fixes two critical bugs
A flaw that caused authentication bypass in RSA Authentication Agent for Apache Web Server was a known critical bug. This along with an inherited bug are plugged now. RSA developers and admins are advised to patch these critical bugs.

Siemens SWT 3000 flaw
SWT3000 devices are affected by the authentication-bypass vulnerability. The flaw could allow attackers to perform a denial-of-service attack under certain conditions. The flawed devices allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic. Tio networks breached
TIO Networks, the Canadian company, was recently acquired by PayPal. It’s in the news lately because it suffered a breach that resulted in leakage of stored information for 1.6 million customers. The intruder(s) got access to personally-identifiable information (PII) and financial details of both TIO customers and TIO billers.

APT-19 targets Australian law firms
APT-19, the Chinese hacking group are now found to be targeting Australian law firms which have sensitive information valuable to corporate bodies. They have also been successful in hacking an Australian research body. The origin of these Chinese hackers still remains unclear.

Telnet passwords leaked
Recently, the security researchers have found that at least half of the Serial-to-Ethernet devices manufactured by Lantronix could potentially leak the Telnet passwords. A vulnerability found in these devices is allowing attackers to retrieve the setup config of Lantronix devices by sending a malformed request on port 30718.