Cyware Daily Threat Intelligence December 09, 2017

WordPress malware
A new malware campaign has been unleashed which is threatening WordPress installs. The malicious code tracked as Wp-Vcd hides in legitimate WordPress files and is used by attackers to add a secret admin user and gain full control over infected websites.

Locket ransomware
A screen locker threat — Locket ransomware — is scaring victims into paying the ransom by impersonating CryptoLocker ransomware. It is designed to block access to the victim's computer, and then, to restore access to the affected PC.

Quant Trojan
The latest version of Quant Trojan is designed to target cryptocurrency wallets and bitcoins they hold. Quant loader is used as first stage infection which is able to stealthily download more complex bits of malware and enable automatic download of files. Apple fixes HomeKit flaw
In a relief to the HomeKit users, Apple has reportedly fixed a security flaw for iOS 11.2. The bug allowed unauthorized individuals to access smart locks and garage doors. It was a server-side update, which means, the fix gets automatically updated without any requirement from the users. The fix also temporarily disabled remote access to shared users, which will be restored soon.

Google Chrome vulnerability
Several flaws have been detected in Google Chrome, and CVE-2017-15407 is identified to be the most of them which could result in arbitrary code execution. This vulnerability can be exploited if a user visits, or is redirected to, a specially crafted web page.

WAGO PFC flaw
The WAGO PFC200 PLC series based on Linux contain a vulnerable version of the CODESYS runtime (2.4.7.0). The CODESYS process runs with “root” privileges and can be abused in multiple ways to read/write/delete files or to modify the PLC program during runtime without any authentication. Sinai data breach
Employees of Chicago-based Sinai Health System had their email accounts compromised in a data breach incident recently. This incident is thought to have affected about 11,350 people. Although, the authority was unsure if the patient information has been exposed.

Naked Rowers calendar hit
In a recent incident, the website used to sell merchandise for the University of Warwick's rowing club was hit with a DDoS attack. The team magazine was banned for sale in Russia and this is said to have prompted the attack. The team has spoken out against homophobia in sports and sells its nude team calendar on its website to help raise funds for various causes.