Cyware Daily Threat Intelligence January 30, 2018

Top Malware Reported in the Last 24 Hours
GandCrab ransomware
A new ransomware, dubbed GandCrab, was recently discovered spreading via exploit kits. It is the first ransomware to accept payment in the DASH cryptocurrency. It is currently being distributed through a malvertising campaign called Seamless, which redirects visitors to the RIG exploit kit.

Andromeda botnet
Cyber criminals are using the Andromeda botnet to launch attacks on the education sector. The malware captures sensitive information such as authentication credentials, or downloads and installs additional malicious software.

BitPaymer
Researchers found that the authors of the Dridex banking Trojan also created a malware called BitPaymer, also known as FriedEx ransomware. The two malware families share many similarities in code and evasion techniques, and use the same packer.

Top Vulnerabilities Reported in the Last 24 Hours
Windows emergency patch
Microsoft issued an emergency out-of-band Windows update that disables the mitigation against variant 2 (CVE-2017-5715) of the Spectre hardware flaw in Intel processors. The update, KB4078130, switches off the Spectre variant 2 mitigation. Microsoft took the step after Intel announced that its updates may cause rebooting issues.

Vulnerabilities in Fitness app Strava
The heatmap published by the Strava fitness app has ended up revealing secret military bases of the US and other countries. Besides US bases, it reveals Russian military bases, bases in Afghanistan, and Turkish patrols north of Manbij in northern Syria.

Lenovo’s Fingerprint Manager Pro flaw
A hardcoded-password flaw has been detected in Lenovo's Fingerprint Manager Pro, affecting ThinkPad, ThinkCentre, and ThinkStation laptops. Windows 10 users are not affected. A fix has already been released for this flaw.

Top Breaches Reported in the Last 24 Hours
Netherlands DDoS cyber attacks
Several banks in the Netherlands, as well as the national tax office, went offline for a while after being targeted by DDoS attacks. ABN Amro, Rabobank and ING had their official websites disrupted for 5-10 minutes.

phpBB download links compromised
Download links for the phpBB forum software were compromised by unknown attackers. The affected URLs were those for the phpBB 3.2.2 full package and the phpBB 3.2.1 -> 3.2.2 automatic updater. phpBB has since removed the links to the malicious files, and the downloads currently available are safe to use.
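The practical defence against a swapped download link like the phpBB case is to check the archive's hash against a checksum obtained from somewhere other than the download page itself. The script below is an added example, not phpBB's own tooling or a real phpBB checksum: the file name and the expected digest are constructed (the digest is simply the well-known SHA-256 of the bytes "abc"), and the whole run happens on a temporary file so it works offline.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash 1 MiB at a time so large archives are never fully loaded into memory


def sha256_of_file(path):
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex):
    """Return True only if the file's SHA-256 matches a digest obtained out of band.

    The expected digest must come from a source other than the download link
    (release announcement, signed manifest, a second mirror); if the checksum is
    served by the same compromised page, a tampered archive and a tampered
    checksum would simply agree with each other.
    """
    actual = sha256_of_file(path)
    # constant-time comparison, so timing does not reveal how much of the digest matched
    return hmac.compare_digest(actual, expected_hex.lower())


# Constructed value: SHA-256 of b"abc", standing in for a published release checksum.
GOOD_DIGEST = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def demo():
    """Verify a genuine and then a modified archive; returns (genuine_ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as d:
        pkg = Path(d) / "forum-package.zip"  # hypothetical file name
        pkg.write_bytes(b"abc")  # constructed stand-in for the real archive contents
        genuine = verify_download(pkg, GOOD_DIGEST)
        pkg.write_bytes(b"abc\x00")  # simulate an archive replaced at the download link
        tampered = verify_download(pkg, GOOD_DIGEST)
    return genuine, tampered


if __name__ == "__main__":
    ok, bad = demo()
    print("genuine archive verifies:", ok)   # True
    print("tampered archive verifies:", bad)  # False
```

The mismatch case is the important one: a single changed byte flips the result, and the check is only meaningful when the expected digest was copied from a channel the attacker who swapped the link does not control.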
