Cyware Daily Threat Intelligence July 24, 2018

Top Malware Reported in the Last 24 Hours
Shrug ransomware
The newly discovered Shrug ransomware could have been devastating, given that it locks the screen and disables keyboard and mouse events. Its authors, however, inadvertently left the decryption keys, completely unencrypted, in the registry, allowing victims to recover their data without paying a ransom.

Satori malware
Cybercriminals have been using open Android Debug Bridge (ADB) ports to distribute a suspected Satori malware variant to Android devices. The first wave of attacks came from the US and China, while the second wave came from Korea. Security researchers also found that over 48,000 IoT devices are exposed to ADB exploitation.

Red Alert 2.0 malware
A new campaign has been discovered delivering the Red Alert 2.0 malware. The malware is capable of gaining device administrator privileges and can also lock the screen, remove passwords, and more. The banking malware works surreptitiously in the background while targeting a list of banks.

Top Vulnerabilities Reported in the Last 24 Hours
Sony Camera bugs
Multiple vulnerabilities have been discovered in Sony's IPELA E Series Network Cameras. The first is a command injection flaw; the second is a stack buffer overflow bug. The vulnerabilities could allow attackers to execute code remotely and steal sensitive data. Patches are available, and users are advised to update to the latest version.

Bluetooth bug
A bug has been discovered in Bluetooth firmware and OS software drivers. The flaw allows attackers to replace the public keys exchanged during device pairing by injecting invalid keys, which could give them the ability to intercept and decrypt, or forge and inject, device messages.
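As an added example (not code from the Cyware digest or from any Bluetooth stack), the defensive check that addresses this class of flaw: verifying that a peer's public key is a genuine point on the curve before it is fed into ECDH, so an injected invalid key is rejected instead of silently weakening the pairing. It assumes the NIST P-256 curve with its standard published parameters; the private-key values used for checking are constructed.

```python
# Added example (not the digest's own code): validate a peer's ECDH public key
# before pairing uses it, so an injected off-curve point is rejected.
# Assumes NIST P-256 (standard published parameters).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def validate_peer_public_key(pt):
    """True iff pt is a finite, in-range point on P-256 (y^2 = x^3+ax+b mod p).
    P-256 has cofactor 1, so an on-curve point already has prime order."""
    if pt is None:
        return False
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2):
    """Affine group addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # Q + (-Q) = infinity
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add (demonstration only: not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def ecdh_shared_x(own_private, peer_public):
    """Pairing-side DHKey: refuse to run ECDH on an unvalidated peer key."""
    if not validate_peer_public_key(peer_public):
        raise ValueError("peer public key rejected: not a valid P-256 point")
    return scalar_mult(own_private, peer_public)[0]
```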

Denial of Service flaws
The Apache Tomcat server contains several vulnerabilities that could allow attackers to cause denial-of-service (DoS) conditions. One of the vulnerabilities is an information disclosure issue, while the other is missing hostname verification when the WebSocket client uses TLS.

Top Breaches Reported in the Last 24 Hours
Oracle WebLogic servers attacked
Cybercriminals targeted Oracle WebLogic servers by taking advantage of systems that have not been patched for a critical flaw. The bug allows attackers to gain control of the entire server without knowing the server's password. Patches for this issue are available, and users are advised to update their servers immediately to stay safe from such attacks.

US power networks attacked
In 2017, Russian hackers targeted US electric networks. According to federal authorities, the hackers, who are connected to the state-sponsored group Dragonfly (aka Energetic Bear), gained access to utility networks and stole sensitive credentials. The attackers broke into air-gapped or isolated networks owned by utilities with relative ease.
