Cyware Daily Threat Intelligence February 21, 2018

Top Malware Reported in the Last 24 Hours
RTF documents execute VBA Macro
A new campaign has been discovered in which hackers use malicious RTF documents to execute embedded VBA macro code and drop Quasar RAT and NetWiredRC payloads. The RTF documents embed an Excel sheet containing a macro that, when run, downloads the malware payloads.

LockCrypt ransomware
The LockCrypt ransomware was first discovered in January 2017 as a new addition to the ransomware family that spreads via brute-force attacks on Remote Desktop Protocol (RDP). Users are advised to configure proper account lockout policies to prevent accounts from being brute-forced over Remote Desktop Services.
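As an added example (not from the Cyware digest), the following Python detector applies the same threshold-within-window logic an account lockout policy enforces to a constructed sample of Windows Security log lines, flagging sources that rack up repeated failed RDP logons (event 4625, logon type 10) so a defender can spot the brute-forcing that LockCrypt operators rely on. The log format and the source addresses are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified Security-log export (not real logs).
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2018-02-21T03:14:01 4625 LogonType=10 Account=administrator Source=203.0.113.7
2018-02-21T03:14:03 4625 LogonType=10 Account=admin Source=203.0.113.7
2018-02-21T03:14:04 4625 LogonType=10 Account=backup Source=203.0.113.7
2018-02-21T03:14:06 4625 LogonType=3 Account=svc Source=198.51.100.20
2018-02-21T03:14:07 4625 LogonType=10 Account=administrator Source=203.0.113.7
2018-02-21T03:14:09 4624 LogonType=10 Account=jsmith Source=192.0.2.5
2018-02-21T03:14:10 4625 LogonType=10 Account=root Source=203.0.113.7
2018-02-21T03:14:12 4625 LogonType=10 Account=test Source=203.0.113.7
2018-02-21T03:40:00 4625 LogonType=10 Account=jsmith Source=192.0.2.5
"""


def parse_line(line):
    """Split 'timestamp event_id key=value ...' into (datetime, int, dict)."""
    ts, event_id, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), int(event_id), fields


def detect_rdp_bruteforce(log_text, threshold=5, window_minutes=10):
    """Return {source: time_first_flagged} for every source that produced
    `threshold` failed RDP logons inside any sliding `window_minutes` window,
    i.e. the same (failures, window) pair a lockout policy would trip on."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        ts, event_id, fields = parse_line(line)
        if event_id != 4625 or fields.get("LogonType") != "10":
            continue  # only failed RemoteInteractive logons count
        src = fields["Source"]
        queue = recent[src]
        queue.append(ts)
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop failures older than the window
        if len(queue) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, when in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"{src} exceeded the RDP failure threshold at {when.isoformat()}")
```

With the defaults, 203.0.113.7 is flagged on its fifth failure; the single late failure from 192.0.2.5 and the non-RDP failure from 198.51.100.20 are not.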

Mirai spin-offs are still appearing
Hackers are still developing variants of the Mirai botnet. Satori, which was regarded as a possible successor to Mirai, was posted on Pastebin for IoT hackers. Like other Mirai variants, it also relies on brute-force password guessing.

Top Vulnerabilities Reported in the Last 24 Hours
RubyGems patches bugs
A new update has been released by RubyGems that includes security patches to various vulnerabilities. The update patches path traversal vulnerabilities that exist when writing to a symlinked basedir outside of the root and during gem installation. It also fixes a cross-site scripting (XSS) vulnerability and a possible unsafe object deserialization flaw.

Apple patches unicode bug
Apple rolled out a patch for the "Telugu" bug in iOS 11.2.6, macOS 10.13.3, tvOS 11.2.6, and watchOS 4.2.3. The bug caused browsers and other apps to crash on iPhones, iPads, Macs and even watchOS devices.

uTorrent still exploitable
uTorrent, a popular BitTorrent client, has been found to contain vulnerabilities that could allow outsiders to remotely execute code through uTorrent's remote control feature. A patch has been released, but researchers found that it does not fix the issues. Users are advised to disable the client's remote control functionality for now.

Top Breaches Reported in the Last 24 Hours
City Union Bank
City Union Bank in India recently announced that it had been hacked by attackers who breached its systems to steal nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. The hackers also disabled the printer connected to SWIFT to prevent the bank from receiving messages.

Tesla gets breached
The Amazon Web Services (AWS) environment used by Tesla was breached. Hackers were able to access sensitive data stored in Amazon Simple Storage Service (S3) buckets. The breach occurred through an unsecured open-source Kubernetes system, which is used to automate Linux container operations.
