Cyware Daily Threat Intelligence February 5, 2019

See All
Top Breaches reported in the Last 24 Hours

SLC suffered multiple breaches
The UK's Student Loan Company (SLC) has suffered around 965,639 cyber attack attempts during the financial year 2017/18. This is an increase of nearly 322,000 times in just two years. One of the attempts includes the successful Cryptojacking attack. The domain slc[.]co[.]uk was infected with Monero cryptominer via a third-party plugin. The firm confirmed that no customer data compromised in the attack. Of the total attacks reported, 323 were found to be malware attack attempts and 235 attacks were performed via malicious calls or emails. The body holds sensitive and financial data of 8.1 million registered customers. 

Top Malware Reported in the Last 24 Hours

ExileRAT
A new malware campaign that delivers ExileRAT via malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA) has been discovered by researchers at Cisco Talos. The malware has been designed for espionage purposes rather than for financial gain. The malware is capable of gathering system information, pushing malicious files and executing or terminating processes.

SpeakUp backdoor
A new backdoor trojan dubbed as 'SpeakUp' has been spotted exploiting the Linux servers that run over 90% of the top 1 million domains in the US. This malware is currently being distributed to Linux servers mainly located in China. The hackers are using an exploit for the ThinkPHP framework to infect servers with the new malware strains. 

Adaptive malware campaign
A new adaptive malware campaign that is used to target millions of iOS users visiting 49 of Alexa 500 premium publisher sites has been discovered by researchers. It was found that nearly 80% of the devices running on iOS were affected in the attack. The ultimate goal of the campaign was to exploit 44 adtech vendors and compromise the personal data of millions of customers. 

Cayosin botnet
Security researchers have come across an emerging botnet-as-a-service named Cayosin. It was first observed on January 6, 2019, and has a unique property of combining the dangerous features of mutiple previous botnets such as Qbot and Mirai. The botnet has been found to be marketed through legitimate social media platforms rather than Dark Web. A YouTube video was one of the marketing instruments to spread the botnet.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in Ubiquiti networks
A remote code execution vulnerability in Ubiquiti networks has impacted over 485,000 devices. The devices affected by the vulnerability are NanoStation (172,000), AirGrid (131,000), LiteBeam (43,000), PowerBeam (40,000), and NanoBeam (21,000) products. Hackers can leverage the flaw to conduct DDoS attacks.

Zombie Poodle and GoldenDoodle
Security researchers have discovered two new vulnerabilities - Zombie Poodle and GoldenDoodle - in many systems that are still running TLSv1.2. These flaws can allow attackers to conduct man-in-the-middle attack and decrypt certain data like session cookies. The issues stem from continued use of cryptographic modes. 

Flaws in the Digital Signage System
Multiple flaws have been discovered in Tightrope Media Systems’ digital signage system. These flaws arose due to the use of a default password. Two of these flaws have been dubbed as CVE-2018-18929 and CVE-2018-14573. While CVE-2018-14573 exists in the RenderingFetch API function, CVE-2018-18929 is an unchanged default administrator bug.

Top Scams Reported in the Last 24 Hours

YouTube scam
Scammers are taking advantage of YouTube policy to threaten the content creators. The scammers are threatening the creators that their accounts will be suspended after 3 strikes if they do not meet the YouTube guidelines. The content creators like Logan or ObbyRaidz have reported facing such problems. Upon discovery of the scam, YouTube has removed the false strike and terminated the accounts that were involved in the propagation of such fake rules. They also tweeted that they have zero intolerance for such activities and the creators can reach them @teamyoutube for more support via twitter.

Kidnap Scam
A new WhatsApp scam named 'Kidnap scam' has been found to be on the rise. Here, a hacker would get access to users' WhatsApp numbers and message their friends that they have been kidnapped. The scam has affected a lot of users in South Africa. The SIM Swapping technique is primarily leveraged to perform the scam.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence February 6, 2019
Next
Cyware Daily Threat Intelligence February 4, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.