Cyware Daily Threat Intelligence July 26, 2018

Top Malware Reported in the Last 24 Hours
Parasite HTTP RAT
Security researchers have discovered a new remote access tool (RAT) called Parasite HTTP, which is currently being sold by cybercriminals on the dark web. The malware comes packed with various features, including state-of-the-art detection-evading capabilities. So far, the Parasite RAT has been observed in a small phishing email campaign targeting the healthcare, IT and retail sectors. 

MDM malware attack
The malicious MDM malware campaign targeting iPhone users in India may be a much larger campaign than previously expected. Security researchers suspect that the cybercriminal behind the campaign is likely located in India. The campaign targets not just iOS users but also Windows users. Researchers also discovered that the MDM's security posture has been improved. The campaign continues to make use of fake WhatsApp and Telegram apps to distribute malware to victims.

Top Vulnerabilities Reported in the Last 24 Hours
Pizza Hut website bug
A vulnerability was discovered in Pizza Hut's website. The flaw allowed anyone with a Pizza Hut account to access customer information, such as names, delivery addresses and contact information. The vulnerability was discovered in the system of an unnamed third-party vendor, who managed Pizza Hut’s online store. 

Privilege escalation flaw
A vulnerability in the Network Manager VPNC plugin has opened it up to a privilege escalation attack. The bug allows attackers to execute arbitrary commands as root. A patch has been released to fix the issue. Users are advised to update to the latest version.

Oracle Database Server bugs
Multiple vulnerabilities have been discovered in the Oracle Database Server. The bugs include a deserialization flaw and a bug that impacts the Core DBMS component. The third flaw is an issue with the Create Session and Create Procedure privileges. The bugs could allow attackers to compromise the systems. Users are advised to upgrade to the latest patched version.

Top Breaches Reported in the Last 24 Hours
COSCO ransomware attack
China-owned shipping giant COSCO reportedly suffered a destructive ransomware attack, which resulted in attackers compromising the firm's networks. The attack also saw several of the firm's US sites shut down. However, COSCO stated that the incident was caused by a local network breakdown. The shipping giant has warned its employees not to open any suspicious emails and urged its IT staff to conduct a complete scan of its networks.

LifeLock data leak
Symantec's identity-theft protection service LifeLock exposed millions of its customers' data. The breach was caused by a vulnerability in LifeLock's website, which has since been fixed. However, the flaw could have allowed cybercriminals to harvest the exposed data and use it to launch phishing attacks.

Sias data breach
The Securities Investors Association (Singapore), or Sias, acknowledged that it suffered a breach in 2013, which affected 70,000 members. The breach was caused by flaws in the Sias website and allowed attackers to steal home addresses, email addresses, and mobile and landline numbers. The firm has since taken the website offline and is working on developing a new one.




