Cyware Daily Threat Intelligence December 28, 2018

A new variant of Shamoon disk-wiping malware has surfaced recently. The malware obfuscates detection by behaving like the system optimization tool Enigma version 4. The variant uses a digital signature from Baidu that was issued on March 25, 2016, and expired on March 26, 2016. The malware is capable of deleting files from infected machines and making the machines unbootable. According to researchers, the new sample uses an image of a burning US dollar as a part of its destructive attack. It also disguises as legitimate software such as 'Baidu PC Faster' and 'Baidu WiFi Hotspot Setup'. Threat actors are using the variant to target oil and gas companies in the Middle East as well as small firms in Europe. The malware variant is uploaded on VirusTotal scanning platform from France. 

Researchers have detected a critical security flaw in Guardzilla's indoor surveillance devices. The flaw could allow attackers to access users'stored files and videos. It is found that all of the security cameras use the same hardcoded keys, thus making it easy for the attackers to hack passwords by exploiting the bug. Each device uses the same set of hardcoded keys to upload video recording to the company's Amazon S3 bucket. Hackers can use these keys to gain full access to the company's cloud storage, thereby putting the customers' data at risk. Experts believe that only updating the firmware and keys won't be enough to fix the issue. It requires a complete change of keys and establishing a proxy service.