Magniber ransomware new variant
Cybercriminals have upgraded the Magniber ransomware with a range of obfuscation techniques. The ransomware has also expanded its target base and is now going after users in several Asia Pacific countries; security researchers have observed Magniber infections in Hong Kong and Taiwan. The new variant spreads through an Internet Explorer VBScript engine vulnerability and no longer relies on a C2 server or hard-coded encryption keys.
Dorkbot banking trojan
The Dorkbot banking trojan has been upgraded with a new code injection technique known as Early Bird. The malware was previously used to target Skype, Facebook and Twitter users. It allows attackers to execute code remotely on infected machines and steal sensitive banking data.
DrupalGangster malware
The DrupalGangster malware has been spotted targeting web servers vulnerable to the Drupalgeddon 2.0 bug. Attackers exploit the Drupalgeddon 2.0 flaw to execute commands on the server, grow a botnet and deliver a Monero miner.
GitList argument injection flaw
GitList contains a vulnerability that exposes it to argument injection attacks. The bug is caused by GitList improperly validating input with the PHP function 'escapeshellarg'. The flaw could allow attackers to inject data or command syntax and change the state of a targeted application. Patches are available for this bug, and users are advised to upgrade to the latest version of the software.
Microsoft Edge memory corruption bugs
Microsoft Edge contains multiple memory corruption bugs. The vulnerabilities exist because of improper handling of objects in memory. If exploited, they could allow attackers to view, alter or delete data, install programs and create new accounts. Users are advised to upgrade to the patched version of the software.
VMware out-of-bounds read flaw
A high-severity vulnerability has been discovered in the Host-Guest File System (HGFS) driver of VMware Tools. The out-of-bounds read flaw can allow attackers to gain elevated privileges or access sensitive information on a targeted virtual machine. Patches are available for this issue, and users are strongly advised to upgrade to the fixed version of the software.
Telefonica data breach
Spanish telecommunications provider Telefonica was hit by a data breach. The breach exposed the personal and financial information of millions of Spanish Movistar users, including landline and mobile numbers, national ID numbers, addresses, bank details, names, call records and more.
Dahua DVR password leak
The passwords of thousands of Dahua DVRs have been exposed. The login credentials were cached by the IoT search engine ZoomEye and leaked on the internet. Attackers exploited a five-year-old flaw to obtain a targeted device's serial number, settings and passwords. Access to this data can allow attackers to log in remotely and spy on victims.
Mega data breach
New Zealand file storage service Mega suffered a data breach after thousands of user account credentials were leaked online. The leak exposed 15,500 usernames, passwords and more. Most of the exposed credentials had already appeared in earlier breaches, which is consistent with the accounts having been accessed through credential stuffing.
Posted on: July 17, 2018