Cyware Daily Threat Intelligence January 16, 2018

Top Malware Reported in the Last 24 Hours
MaMi malware
A malware that targets Mac OS X users, named MaMi, has been found. It is a rehash of an old Windows DNS hijacker. MaMi is capable of DNS hijacking, capturing screenshots, simulate mouse events, upload/download files, and execute arbitrary code.

RubyMiner
A new strain of cryptocurrency miner, dubbed RubyMiner, was discovered by security researchers. The malware was found to be affecting outdated web servers. Attackers spread this malware by hiding it in robots.txt files. Here, hackers clear all the cron jobs and add malicious cron job which downloads a script, that installs modified version of the legitimate XMRig Monero miner application.

Top Vulnerabilities Reported in the Last 24 Hours
Flaw in BitTorrent
Google's Project Zero researchers found a critical flaw in Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. By exploiting this vulnerability, attackers can command Transmission to download a Torrent called ".bashrc" which would automatically be executed the next time the user opened a bash shell.

Several vulnerabilities in Phoenix Contact
A series of security flaws have been found in Phoenix Contact’s FL Switch industrial Ethernet switches. These are authentication bypass and information exposure flaws. One of these flaws (CVE-2017-16743) has been assigned a CVSS score of 9.8, adding it in the “critical severity” category.

SCADA App Vulnerabilities
It has been found that mobile apps used by SCADA Industrial Control Systems, have 147 security vulnerabilities. The test has been done on 34 ICS apps from Google Play. Of these mobile apps, 32 of them lacked root or code protection, 20 had poor authorization, 20 implemented insecure data storage, and 18 lacked obfuscation.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.