Cyware Daily Threat Intelligence July 13, 2018

Top Malware Reported in the Last 24 Hours
Dorkbot malware resurfaces
The Dorkbot banking trojan is back from an extended hiatus. The malware was found targeting Skype, Facebook, and Twitter users. Dorkbot has been upgraded to steal users' credentials using a new code injection technique called ‘Early Bird’. The malware also comes with remote code execution features that allow hackers to steal banking data.

DrupalGangster malware campaign
A new malware campaign has been uncovered that leverages the Drupalgeddon 2.0 vulnerability. The campaign infects victims with an XMRig-based cryptocurrency miner that mines Monero. Drupalgeddon 2.0 is used to conduct remote command injection attacks, which allows the attackers to build a Monero-mining botnet. The hackers behind the campaign have already raked in $11,000.

GoldenCup malware campaign
Security researchers have uncovered a new spy campaign targeting World Cup fans. The malware masquerades as a fake sporting app on the official Google Play Store. The spyware steals victims’ phone numbers, app data, device model, manufacturer, device ID, Android version, IMEI and IMSI.

Top Vulnerabilities Reported in the Last 24 Hours
Tor use-after-free bug
A use-after-free vulnerability was discovered in the Tor browser. The bug can allow attackers to compromise a system by triggering a denial of service. Patches for this flaw have already been issued. Users are advised to upgrade to the latest version of the Tor browser.

Aurora vulnerability
A new vulnerability affecting the energy sector has been uncovered. The Aurora flaw has been used by hackers in attacks targeting power grids. The flaw allows attackers to repeatedly disconnect and reconnect a generator from the power grid, which in turn puts immense stress on the generator's rotors. The flaw essentially has the ability to damage the generator, shutting down a power grid.

FTP buffer overflow flaw
The core FTP contains a vulnerability that can allow hackers to leak kernel memory. The flaw exists in the rmsock command in IBM AIX and can allow attackers to cause a denial of service (DoS) condition. Patches that address the flaw have been issued. Users are advised to upgrade to the latest version immediately.

MacOS vulnerability
Apple products contain a code execution vulnerability that can allow hackers to create a cross-origin access error and steal audio data.

Top Breaches Reported in the Last 24 Hours
Ukraine thwarts an attempted cyberattack
Hackers attempted to infiltrate the networks of a Ukrainian chlorine station, LLC Aulska, using the VPNFilter malware. Ukraine's security service said that the attack, which was aimed at destroying the water treatment facility, was detected and stopped.

Healthcare data breach
MedEvolve, an Arkansas-based practice management software provider, confirmed that one of its clients, Premier Immediate Medical Care, was hit by a data breach that may affect 200,000 current and former patients. Names, billing addresses, telephone numbers, primary health insurers, and the Social Security numbers of some of the patients are believed to have been accessed by the attackers.

Thomas Cook Airlines breach
Thomas Cook Airlines inadvertently exposed the names, email addresses, and flight details of its customers. The breach was caused by a flaw known as an Insecure Direct Object Reference (IDOR), which is commonly found in poorly designed web applications. The bug remained hidden in the firm's network for years.




