Security researchers recently discovered Operation Prowli, a campaign that has infected over 40,000 web servers, modems, and other IoT devices. The infected machines have been assembled into a botnet used to mine cryptocurrencies and redirect users to malicious sites. Infected devices include WordPress sites, Joomla! sites with K2 extensions, DSL modems, Drupal, NFS Boxes, and servers exposed to SMB worms.
Security researchers have discovered new capabilities in the VPNFilter malware. The malware can perform man-in-the-middle attacks to deliver exploits and compromise a wider array of routers. It can also steal sensitive data by stripping encryption from HTTPS connections.
Malicious Chrome extension
A Google Chrome extension named Desbloquear Conteúdo, which means ‘Unblock Content’, has been discovered targeting Brazilian online banking services. The extension harvests user logins and passwords in order to steal money from bank accounts. To stay safe, users are advised to install only verified extensions.
Google has patched a high-severity bug in Chrome, tracked as CVE-2018-6148. The bug affects all major operating systems, including Windows, Mac, and Linux. Patches are available in the Chrome update 67.0.3396.79. To stay safe, users are advised to make sure that their system is running the updated version of the Chrome web browser.
Ubuntu releases patches
Ubuntu has released patches to fix a pair of vulnerabilities in procps-ng. A local attacker could exploit these vulnerabilities to execute arbitrary code. The vulnerabilities are tracked as CVE-2018-1124 and CVE-2018-1126. Users are advised to update their package version to 1:3.2.8-11ubuntu6.5.
Cisco patches bug
A security flaw identified in Cisco Meeting Server (CMS) has been patched by Cisco. Exploiting the flaw could allow hackers to access services running on internal device interfaces of an affected system. The vulnerability is fixed in CMS Software Releases 2.2.13 and later and Releases 2.3.4 and later.
PageUp, an Australia-based HR software firm, has suffered a data breach affecting 2.6 million active users across 190 nations. The breach occurred after one of its IT systems was infected with malware. Attackers accessed customer records containing names, contact info, usernames, and password hashes.
Japanese Syndicate wallet hacked
The Japanese Syndicate wallet was hacked recently, resulting in a loss of more than $10 million in a variety of tokens, including Ethereum, Level Up, Orbs, and Shopin Tokens. A MyEtherWallet storage wallet was used in the process. Shopin authorities said that they are taking all measures to mitigate the issue.
Posted on: June 07, 2018