Share Blog post
A Bitcoin phishing operation, called CoinHoarder, responsible for a theft of $50 million worth of cryptocurrency was discovered by Cisco researchers. Hackers used Google Adwords to manipulate users' search results and steal wallets credentials. Scammers also targeted the popular bitcoin wallet site blockchain[.]info with a client request magnitude of over 200,000 client queries.
Malicious WordPress plugins
The Satori botnet is targeting routers, cameras, and other types of Internet-connected devices into potent tools to launch cyber attacks. It often exploits unpatched firmware to infect a device.
Researchers are discovering new ways of exploiting the Meltdown and Spectre vulnerabilities. The latest exploit techniques, called MeltdownPrime and SpectrePrime, trick multi-core systems into leaking data stored across more than one processor memory cache. They utilize the timing attack techniques called Prime+Probe and Flush+Reload to exploit the cache invalidations and leak victim memory.
Microsoft Outlook bugs
The February patch released by Microsoft rolled out 50 fixes covering vulnerabilities. Two of these vulnerabilities--CVE-2018-0852 (a remote code execution vulnerability) and CVE-2018-0850 (an elevation of privilege bug)--were also targeting Outlook. Exploiting these vulnerabilities would allow hackers to exploit a flaw in Outlook’s incoming mail processing and load a local or remote message store over SMB.
A spam message is being circulated in WhatsApp, regarding free Adidas shoes. The message asks users to fill a form--asking for sensitive personal details--in order to win a free pair of Adidas shoes. The message reads: “Adidas is giving away 3,000 Free Pair of Shoes to celebrate its 93rd anniversary. Get your free shoes at: Adidas[dot]com/shoes’[dot]ils.”
Web spam notifications
Emails spams are soon going to be a thing of the past with scammers coming up with new techniques to deliver spam notifications to victims' browsers. This new method is called web notification spam and numerous malicious websites are being setup to run this tactic.
Posted on: February 15, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.