Cyware Daily Threat Intelligence July 18, 2018


Top Malware Reported in the Last 24 Hours
King Ouroboros ransomware
The King Ouroboros ransomware hails from the CryptoWire family. The ransomware authors have taken to Twitter to vent their frustration over being called scammers. The ransomware, like others of its kind, demands a ransom, providing contact details and payment instructions. Fortunately, the ransomware can be removed using legitimate anti-malware tools.

Luminosity RAT
The creator of the Luminosity RAT was recently arrested and has pled guilty. Luminosity RAT allowed attackers to secretly infect a targeted device by disabling its anti-virus or anti-malware program and then spy on the victim by monitoring their online activities. The malware infected victims across 78 countries and was sold to over 8,500 people. Luminosity was also used by Nigerian hackers in a phishing campaign which targeted industrial companies.

GoldenCup malware
GoldenCup is a malicious app that drops spyware specifically targeting soccer fans. The malware is distributed via the Google Play store and is capable of stealing SMS messages, contacts, photos, videos and location data.

Top Vulnerabilities Reported in the Last 24 Hours
Access control policy bypass flaw
A vulnerability has been discovered in the detection engine of Cisco FireSIGHT System Software. The bug allows remote attackers to bypass a URL-based access control policy designed to block traffic for an affected system. Patches are available for this issue. Users are advised to upgrade to the latest version. 

Memory corruption bug
Microsoft's scripting engine contains a vulnerability that could allow attackers to conduct remote memory-corruption attacks. A successful exploit could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Users can stay safe from attacks by updating to the latest patched version of the software.

Privilege escalation vulnerability
A vulnerability has been detected in the Microsoft Windows File Picker. The flaw can allow hackers to conduct a privilege escalation attack. The bug can also allow attackers to bypass current sandbox techniques. Patches are available for this issue. It is highly recommended that users upgrade to the latest version.

Top Breaches Reported in the Last 24 Hours
CarePartners data breach
Canadian home care service provider CarePartners was hit by a data breach which saw hackers gain access to patient and employee data. The compromised data includes thousands of patient medical records such as phone numbers, addresses, dates of birth, health card numbers, and detailed medical histories. 

LabCorp Diagnostics breach
North Carolina-based LabCorp Diagnostics was hit by hackers. The attack forced the firm to shut down its networks. The attack temporarily impacted test processing and customer access to test results. LabCorp is working to restore full system functionality as fast as possible. Experts believe this could be a dangerous hack as hundreds of networked labs in the US are interconnected centrally with LabCorp headquarters.



Posted on: July 18, 2018


