Cyware Daily Threat Intelligence January 18, 2019

Top Breaches Reported in Last 24 Hours

Click2Gov data breach
A data breach of a third-party online payment system has compromised the personal data of Hanover County customers. County officials disclosed that an unauthorized person stole credit card information processed by the Click2Gov payment portal between August 1, 2018 and January 9, 2019. The exposed information includes customer names, credit card numbers and expiration dates. The county learned of the breach from a group that monitors internet websites for exposed credit card information. In response to the incident, the county has isolated access to the Click2Gov website and is investigating the matter.

Top Malware Reported in Last 24 Hours

NanoCore RAT variant
A malicious MS Word document titled “eml_-_PO20180921.doc” is being used to distribute a new variant of NanoCore, version 1.2.2.0. The document contains malicious VBA code that executes automatically. Once the document is opened, the VBA code downloads an EXE file and saves it as “%temp%\CUVJN.exe”.

West African banks attacked
Banks and financial institutions located in Cameroon, Congo (DR), Ghana, Equatorial Guinea, and Ivory Coast have suffered a wave of attacks since at least mid-2017. The attacks were conducted using off-the-shelf, commodity malware such as Cobalt Strike, Imminent Monitor RAT, NanoCore RAT, Remote Manipulator System RAT, and Mimikatz. 

New Cryptomining malware
New cryptomining malware that is capable of uninstalling cloud security protections has been discovered by security researchers. The threat actor behind the creation of the malware is Rocke. The malware comes with an in-built evasion technique and specifically targets public cloud infrastructures.

Top Vulnerabilities Reported in Last 24 Hours

ES File Explorer flaw
The ES File Explorer app has a serious flaw that can let someone on the same Wi-Fi network download or steal files from your phone. The app has over 100 million downloads worldwide. According to researchers, ES File Explorer launches an HTTP server on port 59777. Attackers can use that port to inject a JSON payload and then obtain information about the apps and files on the user's device.

Ghostscript vulnerability
A vulnerability in Artifex Ghostscript versions prior to 9.26 can allow remote attackers to bypass the intended access restrictions. Tracked as CVE-2018-19475, the vulnerability allows unauthenticated disclosure of information, modification and disruption of services. It is rated medium severity and requires no privileges to exploit.

Windows Zero-Day Bug
Acros Security has released a micropatch for a zero-day bug discovered in Windows. The bug can allow attackers to overwrite files with arbitrary data. The micropatch works for 64-bit Windows 10 version 1803. Users who require a variant for other Windows versions are urged to contact the company.

Posted on: January 18, 2019

