Go to listing page

Cyware Daily Threat Intelligence January 15, 2019

Cyware Daily Threat Intelligence January 15, 2019

Share Blog Post

Top Malware Reported in Last 24 Hours

Fake movie file injects malware
A malicious Windows shortcut file disguised as a movie on 'The Pirate Bay'torrent tracker has been found injecting malicious content on Google, Yandex and Wikipedia pages. The malware modifies registry keys to disable Windows Defender. The main intent of attackers in this campaign is to steal cryptocurrency. Apart from poisoning high-profile sites, the malware monitors web pages for Bitcoin and Ethereum wallet addresses and replaces them with the pages belonging to attackers. 

Ryuk ransomware
Hackers have managed to collect over 705 bitcoins or an equivalent of $3.7 million using Ryuk ransomware in just 5 months. Security researchers found that the hackers are lately adding Emotet and TrickBot trojans as a part of Ryuk ransomware attack campaign. The attack is typically initiated with the distribution of Emotet trojan with TrickBot as its secondary payload. Ryuk is distributed in the final stage of the infection process.

Top Vulnerabilities Reported in Last 24 Hours

MS Office flaw
An information disclosure vulnerability has been discovered in MS Office. The flaw is responsible for unintended leakage of sensitive data in millions previously created Office files. The flaw is dubbed as CVE-2019-0560 and has been classified as 'important' by Microsoft.

Bugs in SCP servers
All Secure Copy Protocol(SCP) implementations since 1983 have been found to be vulnerable to five security bugs. The flaws are tracked as CVE-2018-2068, CVE-2019-6111, CVE-2018-20684, CVE-2019-6109 and CVE-2019-6110. OpenSSH, PuTTY and WinSCP are all affected by the flaws. As of now, security update is available for only WinSCP. Users are advised to update the WinSCP to version 5.14 to fix the issues. 

Zero-day bugs in PremiSys
Security researchers have discovered multiple zero-day bugs in IDenticard Corp.’s PremiSys building access control system. The flaws that affect the version 3.1.190 of PremiSys, can allow attackers to sneak into restricted locations. The flaws are tracked as CVE-2019-3906, CVE-2019-3909, CVE-2019-3907 and CVE-2019-3908  

Top Scams Reported in Last 24 Hours

Tender-themed phishing scam
A new tender-themed phishing scam has been found targeting contractors that have been selected by the Australian government to submit tenders related to commercial projects for the year 2019. The scam involves scammers luring individuals into disclosing their account credentials by registering for eligibility to bid on the projects. The targeted contractors are sent phishing emails that appear to be from the Secretary of Infrastructure and Regional Development, Dr. Steven Kennedy. It contains a notification letter and a malicious link that takes the user to the fake 'Department of Infrastructure' website. The website has been designed by scammers to steal users' login credentials. Users are advised to be wary about such emails. They must validate the legitimacy of the message by contacting the sender organization using an alternate method of contact.


ryuk ransomware
zero day bugs
emotet trojan
phishing scam
secure copy protocolscp

Posted on: January 15, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.