Cyware Daily Threat Intelligence December 26, 2018

Top Malware Reported in the Last 24 Hours

Windshift's Mac malware
Three macOS malware samples - used by Windshift APT group for a cyberespionage - continues to go undetected by most antivirus providers even after 4 months since its discovery. The rare macOS malware used by the APT group is tracked as OSX.WindTail.A, OSX.WindTail.B, and OSX.WindTape. The Windshift APT group leverages malicious websites to launch these malware samples.

WannaCry ransomware continues its havoc
The notorious WannaCry ransomware continues to spread the infection even after 18 months of its initial outbreak. Earlier this year, a security researcher from Krypto Logic had registered a domain that acted as a kill switch for the WannaCry ransomware. Once connected to WannaCry, the domain would deactivate the components of the ransomware. Despite the discovery of the kill switch, the WannaCry infection continues to run silently in the background, while still having access to the domain stats. The connections of the WannaCry kill switch domains are found to come from over 630,000 unique IP addresses located in 194 different nations.

Top Vulnerabilities Reported in the Last 24 Hours

Magellan RCE flaw
Security experts have discovered a high-severity flaw in the SQLite database software named as 'Magellan'. The flaw is tracked as remote code execution vulnerability (CVE-2018-20346) and affects debian_DLA-1613[.]nasl version 1.1 filesystem. The flaw is now fixed by implementing additional protection layers against the corrupt databases to fts3/4. The issue in Debian 8 'Jessie' products is fixed in version 3.8.7.1-1+deb8u3. Users are recommended to upgrade the SQLite 3 packages to the latest version. 

Critical flaws in Schneider EV
Researchers at Kaspersky Labs have found critical flaws in Schneider Electric Vehicle(EV) charging stations. The flaws are tracked as CVE-2018-7800, CVE-2018-7801, and CVE-2018-7802 and could allow attackers to start or stop home charging station. The situation can turn even worse if the flaw is abused to set a house on fire. The CVE-2018-7801 and CVE-2018-7802 are code injection flaw and SQL injection flaw respectively. The issue has been reported to ChargePoint security firm - who later released security patches to fix the flaws.

Top Scams Reported in the Last 24 Hours

BMW lottery scam
A new phishing scam that tricks users into believing that they have won a brand new BMW 2 Series M240i and $1,500,000, is doing rounds on the internet. The scammers send emails requesting users to fill in their personal details such as names, addresses, and contact numbers in order to claim the prize. The subject line of the spam email goes as "Claim Your Car and Check Your Winning Code." The data gained by scammers can be used for future identity theft attacks. 

Phone scam in Contra Costa County
The residents of the Contra Costa County are being warned about a new scam that involves telecallers asking for the victim's Social Security Number. The fraudsters call the victims and tell them to pay a certain amount as a fee in order to unlock their Social Security Number. The Federal Trade Commission(FTC) says that there has been a surge in such type of scams during the holiday season. Users are urged not to share their Social Security Number to anyone in this fashion. They should not also share their payment card details over the phone.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.