Cyware Daily Threat Intelligence December 13, 2017

StrongPity2 spyware
The malware StrongPity2 is named after the group — StrongPity. It has been used in man-in-the-middle attacks and exploits a number of popular websites to help install and spread the malware. The propagation campaign uses HTTP redirects for "on-the-fly" browser redirection to set up a man-in-the-middle attack and distribute StrongPity2 spyware.

MoneyTaker group
A group of Russian hackers — MoneyTaker — has stolen as much as $10 million from U.S. and Russian banks since mid-2016. The attackers used Corkow Trojan and Buhtrap — a fileless malware — to gain access. The attackers further covered their tracks with encryption certificates generated using brand names such as Bank of America Corp., Microsoft Corp., and the Federal Reserve. Apple product flaws
A flaw for rooting exploit in Apple was discovered. The flaw was found to be working on both iOS and macOS devices. It can cause multiple memory corruption issues due to improper memory handling. Successful exploitation of this vulnerability could result in arbitrary code execution within the context of the application.

Spotify forum vulnerability
In another discovery, tech support scammers have been using the Spotify forums to inject their phone numbers into the first page of the Google and Bing search results. They do it by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google. The flaws existing in the current configuration of Spotify forum allows spammers take advantage.

Keylogger vulnerability
In a startling discovery, a potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. The flaw allows an attacker to monitor keylogs and extract personal information. Cryptocurrency exchanges down
The popular Cryptocurrency exchanges — Coinbase and Bitfinex — are affected by heavy DDoS attacks. Bitfinex actually tweeted that its API was down. They also posted an alert saying that some of their services are returning online, but with reduced performance. It is still not clear if the attack on both the exchanges is related to any cyberattacks.

NCPC reveals ransomware attack
In another discovery, the National Capital Poison Center (NCPC) has disclosed about the ransomware attack it suffered a few months ago. The infection was detected by the health resources in October. After that, an investigation has been launched with the help of third-party experts which confirmed the ransomware attack.

Perth Airport breach
The systems of Perth Airport have successfully broken into by a Vietnamese hacker. It is reported that the hacker stole sensitive security details and building plans including building schematics and details of physical security at airport buildings.