Top Malware Reported in the Last 24 HoursMirai-based botnet
A Mirai-based botnet, called OMG, is being used to turn IoT devices into proxy servers. The strings used in this Mirai variant is ‘/bin/busybox OOMGA’ and ‘OOMGA: applet not found’. Proxies are used by hackers to become anonymous while carrying out malicious activities.Ursnif malware campaign
Top Vulnerabilities Reported in the Last 24 HoursFlaws in uTorrent Windows version
Several security vulnerabilities have been spotted in BitTorrent’s official client, uTorrent. A fix has been released in uTorrent version 188.8.131.52352. uTorrent Web users can update to the latest available build 0.12.0.502.IOTA won't fix the flaw
A vulnerability has been spotted in IOTA that could open up users to a replay attack. IOTA was developed to enable fee-less microtransactions for the Internet of Things. However, IOTA denied to fix the issue as it believes this is a situation that will occur only in extreme circumstances.GitLab fixes issues
Security researchers discovered several bugs in GitLab that would allow hackers to hijack domains by exploiting a weakness in the way GitLab handles domain verification. Researchers were able to hijack 700 domains and subdomains. GitLab fixed the issue, and urged users to verify domain ownership by adding a DNS TXT record containing a token generated by GitLab.
Top Breaches Reported in the Last 24 HoursSamSam Ransomware breach
The Colorado’s Department of Transportation (CDOT) has been hit by SamSam ransomware, resulting in shutdown of more than 2,000 computers. The malware infected these systems, encrypted files and demanded to pay the ransom in Bitcoins. Interestingly, the ransomware only hit systems functioning on Windows OS.LA Times website mines Monero
The Los Angeles Times website has been mining cryptocurrencies. This happened after the newspaper's IT staffers left at least one of the publication's Amazon Web Services (AWS) S3 cloud storage buckets open. Users are advised to install antivirus or ad-blockers to stay safe from cryptocurrency miners.Data breach HardwareZone (HWZ)
Around 685,000 users registered with HardwareZone (HWZ) became victims of a data breach, after losing their profile data. The breach was discovered after a suspicious posting was made on the forum site.