Cyware Daily Threat Intelligence July 24, 2018

Share Blog post

Top Malware Reported in the Last 24 Hours
Shrug ransomware
The newly discovered Shrug ransomware may have been a devastating malware given that it is capable of screen-locking and disabling keyboard and mouse events. The ransomware's authors inadvertently left the decryption keys, which were completely unencrypted, in the malware registry, allowing victims to recover their data without paying a ransom. 

Satori malware
Cybercriminals have been using open Android Debug Bridge (ADB) ports to distribute a potential Satori malware variant to Android devices. The first wake of the attacks came from the US and China, while the second wave of attacks came from Korea. Security researchers also discovered that over 48,000 IoT devices are vulnerable to ADB exploitations. 

Red Alert 2.0 malware
A new campaign has been discovered delivering the Red Alert 2.0 malware. The malware is capable of gaining device administrative privileges and can also lock screen, remove passwords and more. The banking malware surreptitiously works in the background while targeting a list of banks.

Top Vulnerabilities Reported in the Last 24 Hours
Sony Camera bugs
Multiple vulnerabilities have been discovered in Sony's  IPELA E Series Network Cameras. The first is a command injection flaw while the second is a stack buffer overflow bug. The vulnerabilities could allow attackers to launch remote code execution attacks and steal sensitive data. Patches are available. Users are advised to update to the latest version. 

Bluetooth bug
A bug has been discovered in the Bluetooth firmware or OS software drivers. The flaw allows attackers to replace the public keys, used during devices' pairing,  by injecting invalid keys. The flaw could allow attackers the ability to intercept and decrypt and/or forge and inject device messages.

Denial of Service flaws
The Apache Tomcat server contains several vulnerabilities that could allow attackers to cause a denial of service (DoS) conditions. One of the vulnerabilities is an information disclosure issue while under the other flaw the hostname verification when using TLS with the WebSocket client was missing.

Top Breaches Reported in the Last 24 Hours
Oracle WebLogic servers attacked
Cybercriminals targeted Oracle WebLogic servers by taking advantage of vulnerable systems that have not been patched for a critical flaw. The bug allows attackers to gain control of the entire server without having access to the server's password. Patches for this issue are available. Users are advised to update their servers immediately to stay safe from such attacks. 

US power networks attacked
In 2017, Russian hackers targeted US electric networks. According to federal authorities, the hackers, who are connected to the state-sponsored hacker group Dragonfly (aka Energetic Bear), gained access to utility networks and stole sensitive credentials.  The attackers broke into air-gapped or isolated networks owned by utilities, with relative ease.


 Tags

shrug ransomware

Posted on: July 24, 2018

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!