A new campaign has been discovered in which attackers use malicious RTF documents to execute embedded VBA macro code and drop Quasar RAT and NetWiredRC payloads. The RTF documents embed an Excel sheet containing a macro that, once executed, downloads the malware payloads.
The LockCrypt ransomware was first discovered in January 2017 as a new addition to the ransomware family that spreads via brute-force attacks on Remote Desktop Protocol (RDP). Users are advised to configure proper account lockout policies to prevent accounts from being brute-forced over Remote Desktop Services.
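Lockout policies stop the guessing; spotting it is the other half. The detector below is an added example, not code from the briefing or from any vendor it mentions: it scans constructed, simplified Windows Security event lines (real event IDs 4625 = failed logon, 4624 = successful logon, and LogonType 10 = RemoteInteractive, i.e. RDP) and flags any source IP with a burst of failed RDP logons inside a sliding window. The line format, thresholds and sample addresses are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): ISO timestamp, event ID, logon type,
# target account and source address, one per line. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, so nothing here points at a real host.
SAMPLE_EVENTS = """\
2018-02-21T02:14:01 4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-02-21T02:14:03 4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2018-02-21T02:14:05 4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2018-02-21T02:14:06 4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-02-21T02:14:08 4625 LogonType=10 TargetUser=sqlsvc SourceIP=203.0.113.7
2018-02-21T02:14:09 4625 LogonType=10 TargetUser=test SourceIP=203.0.113.7
2018-02-21T02:20:00 4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.4
2018-02-21T02:20:15 4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.4
2018-02-21T03:00:00 4625 LogonType=3 TargetUser=svc SourceIP=203.0.113.7
"""

# Assumed line layout for the constructed sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_events(text):
    """Turn the sample text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": int(m["event"]),
            "ltype": int(m["ltype"]),
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "users": [...]}} for every source IP whose
    failed RDP logons (event 4625, LogonType 10) reach `threshold` within any
    `window`-long span. The user list shows whether one account is being
    hammered or many are being sprayed."""
    per_ip = defaultdict(list)
    for e in events:
        if e["event"] == 4625 and e["ltype"] == 10:
            per_ip[e["ip"]].append(e)

    alerts = {}
    for ip, fails in per_ip.items():
        fails.sort(key=lambda e: e["ts"])
        best, best_users, start = 0, set(), 0
        for end, ev in enumerate(fails):
            # Slide the window start forward until it fits inside `window`.
            while ev["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best = count
                best_users = {e["user"] for e in fails[start:end + 1]}
        if best >= threshold:
            alerts[ip] = {"failures": best, "users": sorted(best_users)}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {info['failures']} failed RDP logons, accounts tried: {', '.join(info['users'])}")
```

Only 203.0.113.7 trips the detector (six failures across five accounts in eight seconds); the single failure from 198.51.100.4 followed by a success is a user mistyping a password, and the LogonType 3 failure is not RDP at all. Pair an alert like this with the lockout policy the item recommends and with blocking RDP exposure at the perimeter.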
Mirai spin-offs are still continuing
Attackers are still developing variants of the Mirai botnet. The source code of Satori, regarded as a possible successor to Mirai, was posted on Pastebin for IoT hackers. Like other Mirai variants, it relies on brute-force password guessing to spread.
RubyGems has released a new update that includes security patches for several vulnerabilities. The update patches path traversal vulnerabilities that occur when writing to a symlinked basedir outside the root and during gem installation. It also fixes a cross-site scripting (XSS) vulnerability and a possible unsafe object deserialization flaw.
Apple patches unicode bug
Apple rolled out a patch for the "Telugu" bug in iOS 11.2.6, macOS 10.13.3, tvOS 11.2.6, and watchOS 4.2.3. The bug caused browsers and other apps to crash on iPhones, iPads, Macs and even watchOS devices.
uTorrent still exploitable
uTorrent, a popular BitTorrent client, has been found to contain vulnerabilities that could allow outsiders to execute code remotely through uTorrent's remote control feature. A patch was released, but researchers found that it does not fully fix the issues. Users are advised to disable the client's remote control functionality for now.
City Union Bank in India recently announced that it had been hacked by attackers who breached its systems to steal nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. The attackers also disabled the printer connected to SWIFT to prevent the bank from receiving messages.
Tesla gets breached
The Amazon Web Services (AWS) environment used by Tesla was breached. The attackers were able to access sensitive data stored in Amazon Simple Storage Service (S3) buckets. The breach occurred through an unsecured Kubernetes system, the open-source platform used to automate Linux container operations.
Posted on: February 21, 2018