Cyware Daily Threat Intelligence June 29, 2018

Top Malware Reported in the Last 24 Hours
RIG EK delivers Monero miner
The RIG exploit kit was found delivering a Monero miner via the PROPagate injection technique. According to security researchers at FireEye, the dropper injects code that downloads and executes the miner. Attackers are using malicious websites to trick victims into loading the RIG EK landing page in an iframe.

Changes in Necurs
Researchers have discovered significant changes in the behavior of the Necurs botnet. The botnet is now pushing spamming and proxy modules onto its bots. Necurs is also hosting cryptominers and info stealers such as AZORult and the FlawedAmmyy RAT. The threat actors behind Necurs are showing interest in governments, financial institutions, the tourism and food industries, and real estate companies.

Top Vulnerabilities Reported in the Last 24 Hours
RAMpage vulnerability
A new vulnerability, named RAMpage, has been found to affect Android devices released since 2012. The vulnerability is tracked as CVE-2018-9442. It can affect PCs, virtual machines, and Android devices, and can be triggered via JavaScript code, GPU cards, and network packets.

Ubuntu fixes flaws
Ubuntu has fixed CVE-2015-8865, a vulnerability that causes the file utility to incorrectly handle certain magic files. This vulnerability affects Ubuntu 12.04 ESM and can be leveraged to cause a denial of service condition. The issues have been fixed in file and libmagic1 version 5.09-2ubuntu0.7. Users are advised to update their systems immediately.

Cisco ASA flaws
Attackers are exploiting a Cisco ASA flaw (tracked as CVE-2018-0296) to crash devices or steal information. The flaw affects Cisco ASA software and FTD software and is being exploited via directory traversal techniques. Experts said that exploitation started soon after PoC code was published.

Top Breaches Reported in the Last 24 Hours
Potential breach at Adidas
Millions of US customers have been warned of a breach that may have affected Adidas. An unauthorized party claimed to have gained access to customer data. Details such as when and how the breach occurred are not yet available. However, a preliminary investigation revealed that contact information, usernames and encrypted passwords were stolen.

Gentoo Linux's account compromised
The GitHub account of the Gentoo Linux organization has been compromised by an unknown attacker. The attacker is believed to have replaced the portage and musl-dev trees with ebuilds that would attempt to remove all the files on a user's system. Users are advised to consider all Gentoo code hosted on GitHub as compromised and to restore their OS to stay safe.

A Japanese hotel chain got hacked
Prince Hotel, a popular Japanese hotel chain, was breached, resulting in the loss of more than 120,000 items of customer data via its reservation system. The breach was disclosed by the booking website provider Fastbooking Co.
