Dorkbot returns with Early Bird injection
The Dorkbot banking trojan is back from an extended hiatus. The malware was found spreading to Skype, Facebook, and Twitter users and has been upgraded to steal users' credentials using a recently documented code injection technique called 'Early Bird'. Early Bird queues an asynchronous procedure call (APC) into the main thread of a newly created, still-suspended process, so the payload runs as soon as the thread is resumed, before the process has finished initialising and before endpoint security products have placed their hooks. The malware also ships with remote code execution features that let the operators steal banking data.
DrupalGangster malware campaign
A new malware campaign has been uncovered that exploits the Drupalgeddon 2.0 vulnerability (CVE-2018-7600), a remote code execution flaw in Drupal's Form API. The campaign uses the bug to inject operating-system commands on unpatched Drupal sites and infects them with an XMRig-based cryptocurrency miner that mines Monero, turning the compromised servers into a Monero-mining botnet. The operators behind the campaign have already raked in around $11,000.
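Drupalgeddon 2.0 exploitation leaves a recognisable trace in web-server access logs, because the public exploit pattern smuggles a Drupal Form API property into the `element_parents` query parameter (the `#` arrives URL-encoded as `%23`). The following is an added example, not code from the campaign report or from the Drupal project, showing a log filter for that signature. The combined log format, the sample log lines and the list of render-array keys are assumptions and constructed for the example; the POST body, where the actual command lives, is normally not logged, so the query-string markers are what a defender can see.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Drupal Form API render-array properties that public CVE-2018-7600 exploits
# smuggle into request parameters (e.g. mail[a][#post_render][]=exec).
# Legitimate Drupal requests never carry these in a URL. (Assumed list.)
SUSPICIOUS_RENDER_KEYS = ("#post_render", "#pre_render", "#lazy_builder",
                          "#access_callback", "#process")

# Apache/nginx "combined" log layout (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines, not real traffic: one exploit attempt against
# /user/register, one legitimate Drupal AJAX form request, one ordinary page hit.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jul/2018:09:12:44 +0000] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.23 - - [13/Jul/2018:09:13:02 +0000] "POST /node/add/article?element_parents=field_image/widget/0&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 1188 "-" "Mozilla/5.0"
198.51.100.41 - - [13/Jul/2018:09:13:10 +0000] "GET /user/register HTTP/1.1" 200 8742 "-" "Mozilla/5.0"
"""


def is_drupalgeddon2_request(path: str) -> bool:
    """Return True if the request URL carries CVE-2018-7600 exploit markers."""
    url = urlparse(path)
    query = parse_qs(url.query, keep_blank_values=True)
    # Marker 1: element_parents pointing at a '#'-prefixed Form API property.
    # Ordinary Drupal AJAX requests use element_parents too, but without a '#',
    # so this check alone does not flag them.
    for value in query.get("element_parents", []):
        if "#" in unquote(value):
            return True
    # Marker 2: a render-array callback key anywhere in the decoded URL.
    decoded = unquote(path)
    return any(key in decoded for key in SUSPICIOUS_RENDER_KEYS)


def scan_access_log(text: str) -> list:
    """Parse combined-format log lines and return (ip, path) for each hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than silently trust it
        if is_drupalgeddon2_request(m["path"]):
            hits.append((m["ip"], m["path"]))
    return hits


if __name__ == "__main__":
    for ip, path in scan_access_log(SAMPLE_LOG):
        print(f"Drupalgeddon 2 indicator from {ip}: {path}")
```

Run against the constructed log, only the first line is flagged; the second line shows why a naive match on `element_parents` alone would produce false positives on a healthy Drupal site. A hit only proves an attempt, so the next step is to check whether the site was patched at the time and whether the server is now running an unexpected process such as a miner.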
GoldenCup malware campaign
Security researchers have uncovered a new spy campaign targeting World Cup fans. The malware masquerades as a fake sporting app on the official Google Play Store. The spyware steals victims' phone numbers, app data, device model, manufacturer, device ID, Android version, IMEI and IMSI.
Tor browser use-after-free vulnerability
A use-after-free vulnerability was discovered in the Tor browser. Triggering the bug crashes the browser, causing a denial of service, and memory corruption of this class can potentially be leveraged by attackers to compromise the system. Patches for this flaw have already been issued. Users are advised to upgrade to the latest version of the Tor browser.
Aurora vulnerability in power generators
The Aurora vulnerability, first demonstrated against a diesel generator by Idaho National Laboratory in 2007, has resurfaced in connection with attacks on the energy sector and power grids. An attacker who can operate a generator's circuit breakers rapidly disconnects the generator from the grid and reconnects it out of synchronisation; each out-of-phase reclosure subjects the rotor to severe mechanical torque. Repeated cycles can physically damage the generator, and losing generation capacity this way can shut down a power grid.
FTP buffer overflow flaw
The FTP implementation in IBM AIX contains a vulnerability that can allow attackers to leak kernel memory, and a flaw in the AIX rmsock command can allow attackers to cause a denial of service (DoS) condition. Patches that address the flaws have been issued. Users are advised to upgrade to the latest version immediately.
Apple cross-origin audio leak
Apple products contain a vulnerability in the handling of web content that can allow maliciously crafted pages to bypass cross-origin access restrictions and steal audio data.
VPNFilter attack on Ukrainian chlorine station
Hackers attempted to infiltrate the networks of a Ukrainian chlorine station, LLC Aulska, using the VPNFilter malware. Ukraine's security service (SBU) said that the attack, which was aimed at disrupting the water treatment facility, was detected and stopped.
Healthcare data breach
MedEvolve, an Arkansas-based practice management software provider, confirmed that one of its clients, Premier Immediate Medical Care, was hit by a data breach that may affect 200,000 current and former patients. Names, billing addresses, telephone numbers, primary health insurers, and the Social Security numbers of some of the patients are believed to have been accessed by the attackers.
Thomas Cook Airlines breach
Thomas Cook Airlines inadvertently exposed customers' names, email addresses, and flight details. The leak was caused by an Insecure Direct Object Reference (IDOR), a flaw commonly found in poorly designed web applications: the booking lookup returned whatever record matched the identifier supplied in the request, without checking that the requester was entitled to see it, so anyone who altered the identifier could read other customers' bookings. The bug is reported to have been present in the firm's web application for years.
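The following is an added example, not Thomas Cook's code, of what an IDOR looks like beside its fix. The booking records, field names and the session model are assumptions constructed for illustration. The vulnerable handler trusts the identifier from the URL; the hardened one requires the record to belong to the logged-in user, returns the same error for "missing" and "not yours" so probing cannot distinguish the two, and, as defence in depth, hands customers an unguessable reference instead of the sequential database key.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Booking:
    booking_id: int          # sequential database key (assumed schema)
    owner_email: str         # account that made the booking
    passenger: str
    flight: str


# Constructed sample records for the example, not real customer data.
BOOKINGS = {
    1001: Booking(1001, "alice@example.com", "A. Example", "MT1234 MAN-PMI 2018-07-20"),
    1002: Booking(1002, "bob@example.com", "B. Example", "MT5678 LGW-TFS 2018-07-21"),
    1003: Booking(1003, "carol@example.com", "C. Example", "MT9012 BHX-HER 2018-07-22"),
}


class NotFound(Exception):
    """Raised for unknown AND not-owned bookings alike, so the response does
    not reveal whether a guessed identifier exists."""


def get_booking_insecure(booking_id: int) -> Booking:
    """Vulnerable handler: trusts the identifier taken from the URL outright.
    Anyone who can iterate booking_id values reads every customer's record."""
    return BOOKINGS[booking_id]


def get_booking(session_email: str, booking_id: int) -> Booking:
    """Hardened handler: the record must exist AND belong to the logged-in user."""
    booking = BOOKINGS.get(booking_id)
    if booking is None or booking.owner_email != session_email:
        raise NotFound(booking_id)
    return booking


# Defence in depth: expose an unguessable reference instead of the sequential
# key, so enumeration is impractical even where an ownership check is missed.
REFERENCES: dict = {}


def issue_reference(booking_id: int) -> str:
    ref = secrets.token_urlsafe(16)   # 128 bits of randomness
    REFERENCES[ref] = booking_id
    return ref


def get_booking_by_reference(session_email: str, ref: str) -> Booking:
    booking_id = REFERENCES.get(ref)
    if booking_id is None:
        raise NotFound(ref)
    return get_booking(session_email, booking_id)   # ownership still enforced


def enumerate_insecure(start: int, count: int) -> list:
    """What an attacker does against the vulnerable handler: walk the id space."""
    found = []
    for booking_id in range(start, start + count):
        try:
            found.append(get_booking_insecure(booking_id).passenger)
        except KeyError:
            pass
    return found


if __name__ == "__main__":
    print("insecure enumeration leaks:", enumerate_insecure(1000, 5))
    try:
        get_booking("alice@example.com", 1002)
    except NotFound:
        print("hardened handler refuses Alice access to booking 1002")
```

The ownership check is the actual fix; the random reference only raises the cost of guessing and must not replace it, which is why `get_booking_by_reference` still routes through `get_booking`. When auditing a web application for this class of bug, the quickest test is exactly the enumeration above: take any identifier from a URL, change it, and see whether the server asks who you are.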
Posted on: July 13, 2018