Cyware Daily Threat Intelligence January 31, 2018

W32/MS04028.fam! exploit
The Trojan is trying to exploit known vulnerabilities in Windows XP to attack educational institutions and steal intellectual property. Since numerous institutions still use applications that run on Windows XP, they are easy targets. The exploit leverages a buffer overrun in the Graphics Device Interface (GDI) processing library in Windows XP.

Deadly cryptocurrency mining malware
A new cryptocurrency mining malware--combination of fileless WMI scripts and EternalBlue--is being used by cyber criminals. Dubbed WannaMine, is fileless and difficult to detect by many AV tools. It can arrive via a user clicking on a malicious link in an email or Web page to targeted remote access attack by a hacker. Zero-Day Vulnerabilities in ManageEngine Products
Several zero-day vulnerabilities have been discovered within many Zoho ManageEngine products which are used in providing IT security. Exploiting these flaws will allow hackers to upload any unauthenticated files, employ blind SQL injection, carry out remote code execution (RCE) and user enumeration.

Critical Security Bug in Firefox
Mozilla fixed a critical security vulnerability, which could lead to arbitrary code execution, in Firefox. Firefox versions 56, 57 and 58 are said to be affected. The flaw has been addressed and fixed in Firefox 58.0.1. Users are advised to apply the appropriate update soon.

Vulnerable Oracle PoS
A vulnerability has been found in Oracle PoS systems that could allow attackers to access credentials and gain full access to the database. The flaw has been classified as an 8.1 out of 10 for its severity. Email Credentials of Fortune 500
Security researchers have discovered that around 10% of email credentials of all employees working at Fortune 500 companies have been leaked on the dark web. The number is around 2.7 million credentials among the 8 billion stolen credentials. The highest number of leaked credentials came from the financial sector (around 20%).

Breach at Charlotte Housing Authority
A breach at the Charlotte, N.C., Housing Authority lead to leak of employees' W2 information. Scammers used a simple phishing technique, where they sent an email appearing to be coming from the company's CEO, asking for W2 records of all current and former employees.