Cyware Daily Threat Intelligence July 11, 2018

Top Malware Reported in the Last 24 Hours
Anubis banking Trojan
Apps in Google Play are being used to install Marcher (aka Marcher ExoBot) and BankBot Anubis mobile banking Trojans. The Trojans facilitate financial fraud by stealing login credentials to banking apps, e-wallets, and payment cards. At least 10 apps are reportedly infected with this malware. The malware masquerades as an app called “Google Protect” and prompts the user to grant it accessibility rights.

Modified version of Mirai
Security researchers have discovered that Android Debug Bridge enabled on various Android phones is being used to spread a modified version of Mirai’s code bolted onto a cryptominer. However, this bug affects only certain types of devices. There is no central C2 server; in this case, it spreads peer-to-peer via port 5555.

Top Vulnerabilities Reported in the Last 24 Hours
Multiple security fixes released
More than 150 CVE-listed vulnerabilities have been addressed by Microsoft, Intel, and Adobe in the recently released security updates. Among the fixed flaws, 104 belonged to Adobe, 53 belonged to Microsoft and one belonged to Intel.

HMI products vulnerable
A security vulnerability has been discovered in the Credential Security Support Provider (CredSSP) authentication protocol that impacts several human-machine interface (HMI) products. The flaw, tracked as CVE-2018-0886, has been fixed in Microsoft’s March 2018 Patch Tuesday updates. Users are advised to install the latest updates to stay safe.

Update available for Ansible Engine 2
A security update has been released for Ansible Engine 2 to fix two vulnerabilities, CVE-2018-10874 and CVE-2018-10875. Ansible works over SSH and does not require any software to be installed on remote nodes. By exploiting these flaws, hackers can execute arbitrary malicious code. Users are advised to upgrade to Ansible 2.6.1.

Top Breaches Reported in the Last 24 Hours
Details of the US Military sold on Dark Web
A hacker tried to sell files containing details of the U.S. military’s MQ-9 Reaper drones on the dark web. Stolen details include Reaper maintenance course books and a list of airmen assigned to controlling the drone. The documents are believed to have been stolen from a U.S. Air Force captain’s computer by exploiting a widely known security vulnerability in Netgear routers.

Hackers target Cambodia
Chinese state-linked hackers are targeting Cambodia ahead of the upcoming national elections. Security experts have noticed a spike in phishing scams and hacking attempts in the region. Key branches of the Cambodian government are specifically being targeted by a Chinese hacking group called TEMP.Periscope.


