Cyware Daily Threat Intelligence January 30, 2018


Top Malware Reported in the Last 24 Hours
GandCrab ransomware
A new ransomware family, dubbed GandCrab, was recently discovered being spread by exploit kits. It is the first ransomware to demand payment in the DASH cryptocurrency rather than Bitcoin. It is currently being distributed through the Seamless malvertising campaign, which redirects visitors to the RIG exploit kit.

Andromeda botnet
Cyber criminals are using the Andromeda botnet to launch attacks on the education sector. The malware steals sensitive information such as authentication credentials and also downloads and installs additional malicious software on infected hosts.

BitPaymer
Researchers found that the authors of the Dridex banking Trojan also created the ransomware known as BitPaymer, or FriedEx. The two malware families share a large amount of code and the same evasion techniques, and both are built with the same packer.

Top Vulnerabilities Reported in the Last 24 Hours
Windows emergency patch
Microsoft issued an emergency out-of-band Windows update, KB4078130, that disables the mitigation for Spectre variant 2 (CVE-2017-5715, branch target injection) in Intel processors. Microsoft took the step after Intel reported that its microcode updates for this variant can cause unexpected reboots and system instability.
Systems that install the update lose the variant 2 mitigation until it is re-enabled once stable microcode is available.
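Since KB4078130 works by setting the same registry override values that Microsoft documents for turning the variant 2 mitigation off, an administrator can check a host's state directly. The script below is an added example (not part of the Cyware briefing and not Microsoft's code); it assumes the documented `FeatureSettingsOverride` / `FeatureSettingsOverrideMask` values under the Memory Management key, where bit 0 of the override, when also set in the mask, disables the variant 2 (BTI) mitigation, and it cross-checks against Microsoft's SpeculationControl module if that module is installed:

```powershell
# Added example: report whether the Spectre variant 2 (CVE-2017-5715) mitigation
# has been overridden on this host. Assumption: bit 0 of FeatureSettingsOverride,
# when also set in FeatureSettingsOverrideMask, disables the variant 2 mitigation,
# as documented in Microsoft's Spectre/Meltdown registry guidance.
$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-SpectreV2OverrideState {
    $props = Get-ItemProperty -Path $MemMgmtKey -ErrorAction SilentlyContinue
    $override = $props.FeatureSettingsOverride
    $mask     = $props.FeatureSettingsOverrideMask

    if ($null -eq $override -or $null -eq $mask) {
        # Neither value present: the OS default applies (mitigation on, if microcode supports it).
        return [pscustomobject]@{
            State    = 'Default (no override values set)'
            Override = $null
            Mask     = $null
        }
    }

    # The mask selects which override bits are honoured; bit 0 is the variant 2 switch.
    $v2Disabled = ((($mask -band 1) -eq 1) -and (($override -band 1) -eq 1))

    [pscustomobject]@{
        State    = if ($v2Disabled) { 'Variant 2 mitigation DISABLED by registry override' }
                   else              { 'Variant 2 mitigation not overridden' }
        Override = $override
        Mask     = $mask
    }
}

Get-SpectreV2OverrideState | Format-List

# Cross-check with Microsoft's SpeculationControl module, which reports hardware,
# OS and runtime support for each variant (Install-Module SpeculationControl).
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Get-SpeculationControlSettings
} else {
    Write-Host 'SpeculationControl module not installed; run Install-Module SpeculationControl from an elevated prompt to verify.'
}
```

Run it from an elevated PowerShell prompt. A result of "DISABLED by registry override" on a machine that has not deliberately applied KB4078130 is worth investigating, since the same two values can be set by anything running as an administrator.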

Strava heatmap exposes military bases
The global activity heatmap published by the Strava fitness app has ended up revealing the locations and layouts of sensitive military sites. Beyond US facilities, the map also exposes Russian bases, bases in Afghanistan, and Turkish patrol routes north of Manbij in northern Syria. This is a privacy and operational-security exposure rather than a software flaw: the data comes from users who upload their runs with location sharing enabled.

Lenovo’s Fingerprint Manager Pro flaw
A hard-coded password flaw (CVE-2017-3762) has been found in Lenovo Fingerprint Manager Pro, affecting ThinkPad, ThinkCentre, and ThinkStation systems. The flaw lets a local user with non-administrative access reach the stored credentials and fingerprint data. Windows 10 is not affected because Fingerprint Manager Pro is not used on it. Lenovo has released an updated version of the software that fixes the flaw.

Top Breaches Reported in the Last 24 Hours
Netherlands DDoS cyber attacks
Several Dutch banks and the national tax office (Belastingdienst) went offline for a while after being targeted by DDoS attacks. ABN Amro, Rabobank and ING each had their official websites disrupted for 5-10 minutes.

phpBB download links compromised
Download links for the phpBB forum software were compromised by unknown attackers. The affected URLs were those for the phpBB 3.2.2 full package and the phpBB 3.2.1 -> 3.2.2 automatic updater. phpBB has removed the links to the malicious files, and the downloads currently available are safe to use. Administrators who downloaded either file should compare it against the checksums phpBB publishes and reinstall from a clean copy if they differ.



Posted on: January 30, 2018


