Cyware Daily Threat Intelligence February 08, 2018

Operation PZChao
A new custom-built malware has been discovered by security researchers that could denote the return of the notorious Chinese hacker group--Iron Tiger. The campaign is dubbed Operation PZChao, and is targeting institutions in the government, technology, education, and telecommunications sector in Asia and the US.

ShurL0ckr ransomware
A new strain of Gojdue ransomware, dubbed ShurL0ckr, has been detected. This ransomware is able to elude detection from a majority of anti-virus (AV) engines and cloud applications including Google Drive and Microsoft Office 365. The ransomware is found to be demanding Bitcoin as ransom. Joomla patches injection flaws
In the newly released update, Version 3.8.4, Joomla released patches to a SQL injection vulnerability and three cross-site scripting (XSS) vulnerabilities, apart from 100 bug fixes. The vulnerabilities allowed an attacker to leak password hashes or hijack a logged-in user's session.

Patch released for Hotspot Shield bug
A vulnerability, dubbed CVE-2018-6460, is now patched. The bug found in Hotspot Shield VPN utility can be exploited by attackers to obtain sensitive information--such as users’ location and possibly their identity. Users are advised to update their Hotspot Shield.

Vulnerable gas station software
The SiteOmat Station Automation Software has been found to be vulnerable to a variety of attacks. Several flaws--including hardcoded credentials (CVE-2017-14728), persistent XSS (CVE-2017-14850), SQL injection (CVE-2017-14851), insecure communications (CVE-2017-14852), code injection (CVE-2017-14853), and remote code execution (CVE-2017-14854)--were found. Apple's iBoot source code leaked
An unknown users published what is claimed to be the iBoot component of Apple's iOS on GitHub. The code is used for verifying iOS kernel signing, as well as performing other critical tasks related to loading the mobile operating system. There is no response from Apple regarding the breach yet.

Breach at Swisscom
A data breach at Swiss telecom company, Swisscom, resulted in data leak of 800,000 of its clients. The breach took place in autumn of 2017. Non-sensitive data such as customers’ names, addresses, telephone numbers and dates of birth were leaked. Fortunately, passwords, conversations or payment data weren't compromised.