Share Blog post
YiluzhuanqianSerd is a Linux-based malware that infects systems running Linux and IoT devices with a cryptocurrency miner. The malware searches for SSH ports and connected devices with an exploitable remote desktop protocol (RDP) port. The cryptominer that YiluzhuanqianSerd drops transfers funds to a Chinese scam website.
OSX. Dummy malware
The OSX.Dummy malware poses as administrators, moderators and key figures in the cryptocurrency community. The macOS malware targets cryptocurrency investors and opens up a backdoor on infected systems. In this case, the malware targeted the cryptocurrency community via Slack and Discord.
Security researchers have discovered two new Spectre vulnerabilities - Spectre 1.1 and Spectre 1.2. The former leverages speculative stores to create buffer overflows and affects billions of devices powered by modern processors, including Intel and AMD processors. Spectre 1.2 only affects CPUs that don't have read/write protections enabled, instead, relying on lazy PTE enforcement.
Cisco IP Phone and StarOS flaw
Two new Cisco vulnerabilities were discovered - an IP phone firmware bug and a StarOS flaw. Cisco IP Phone flaw could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The Cisco StarOS bug could allow remote hackers to create a denial of service (DoS) condition.
IBM privilege escalation vulnerabilities
IBM's DB2 was discovered containing multiple vulnerabilities. The first flaw exists due to a flaw in systems that invoke the tool with elevated privileges. The flaws could allow hackers to execute arbitrary code and launch privilege escalation attacks.
The cryptocurrency conversion platform Bancor was hit by hackers and over $13.5 million worth of tokens were stolen. The hackers made away with $12.5 million in Ether, $1 million in Pundi X’s NPXS token and $10 million in Bancor’s BNT. However, the Israeli firm said that no user wallets were compromised. The Bancor site was taken down following the attack.
The website of the popular audio and video editing and converting software provider VSDC was hacked. The website was attacked thrice - on June 18, July 2, and July 6. During the attacks, the hackers changed the download links on the VSDC website with links that redirected users to malicious links that served up three different malware strains.
Posted on: July 12, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.