Top Malware Reported in the Last 24 Hours
BackSwap trojan evolves
Security researchers have discovered a phishing campaign named 'Fractured Block' targeting the Korean peninsula. The attack campaign uses a malicious dropper named CARROTBAT to deliver decoy documents and additional payloads such as remote access trojans. The decoy document file formats supported by the malware are .docx, .eml, .hwp, .jpg, .pdf, .png, .ppt, .pptx, .xls, and .xlsx.
Pied Piper campaign
A new phishing campaign named 'Pied Piper' has been found hitting multiple targets across the globe. The campaign delivers various RAT payloads onto the targeted machines. One such RAT used in the campaign is the FlawedAmmyy RAT. It enables the attackers to take complete control of a victim's system and steal confidential data and files.
Top Vulnerabilities Reported in the Last 24 Hours
A flaw in IBM WebSphere Application Server
A critical privilege escalation vulnerability has been found in IBM WebSphere Application Server. The flaw is tracked as CVE-2018-1840 and affects both the 9.0 and 8.5 versions of WebSphere Application Server. It can allow a remote attacker to gain elevated privileges on the system when a security domain is configured to use a federated repository other than the global federated repository. Users running versions 188.8.131.52 to 184.108.40.206 are advised to apply fix pack v126.96.36.199 or later. Users running versions 220.127.116.11 to 18.104.22.168 must apply v22.214.171.124 or later.
Top Breaches Reported in the Last 24 Hours
Commonwealth Bank brandjacked
Brandjackers are incorporating the logo and branding of Australia's best-known Commonwealth Bank to trick users into giving up their confidential details. The scam involves sending phishing emails to victims, notifying them that there are some errors in their account details. The email contains a malicious link which, when clicked, takes the victims to a bogus sign-in page.
EternalBlue spotted in the wild
The leaked NSA exploit kit, EternalBlue, has been found compromising more than 45,000 internet routers in a recent attack campaign. The campaign leverages vulnerable Universal Plug and Play (UPnP) implementations and exposes the devices that are connected to the routers through open ports 139 and 445. The attack has exposed nearly two million computers, phones, smart speakers, robot vacuum cleaners, tablets, and other devices.
Top Scams Reported in the Last 24 Hours
Gift card scam
With Christmas and New Year around the corner, hackers have been observed using a new scam to trick employees into buying gift cards. The scammers pose as CEOs to trick office managers, executive assistants and receptionists into sending them gift cards. Unlike other scam campaigns, the emails sent in this campaign do not contain malicious links or files. Additionally, the attackers capitalize on the urgency of the holidays and frame the request as a company surprise, thus discouraging the victim from confirming its legitimacy. Using the simple social engineering technique of CEO impersonation, attackers are easily exploiting people's holiday mood.