Cyware Daily Threat Intelligence March 01, 2018

Top Malware Reported in the Last 24 Hours
EITest HoeflerText scam
Hackers are using EITest to distribute the GandCrab ransomware as part of the HoeflerText Font Update scam. To stay safe, users are advised to immediately close the browser when they see a popup on a page stating that they need to download a Firefox or Chrome Font Pack.

CannibalRAT
CannibalRAT, a RAT written entirely in Python and wrapped in standalone executables, has been discovered. The main targets of the campaign were users of a Brazilian public sector management school called INESAP. The RAT is distributed in py2exe format, and the Python bytecode is stored as a PE resource.

Top Vulnerabilities Reported in the Last 24 Hours
Buffer overflow flaw
A buffer overflow vulnerability, tracked as CVE-2018-5452, has been discovered in the Emerson ControlWave controller. The bug affects ControlWave Microcontrollers, version 05.78.00 and prior. An attacker can exploit this issue to cause a denial-of-service condition.

Ubuntu fixes regression issue
A new update, USN-3579-2, has been released by Ubuntu to resolve an issue caused by the previous update, USN-3579-1, which related to a LibreOffice issue. The vulnerability (CVE-2018-6871) meant that calls in a document could be used to read arbitrary files. After the upgrade was applied, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory.

Philips ISP vulnerabilities
All 8.0.x and all 7.0.x versions of IntelliSpace Portal were found to be affected by several vulnerabilities. Philips is creating a software update to mitigate these vulnerabilities in the affected products.

Top Breaches Reported in the Last 24 Hours
SSL certificates to be revoked
The SSL certificates of over 23,000 users will be revoked due to a clash between Trustico and DigiCert. As per reports, Trustico was holding the private keys, which would mean that the certificates were compromised. It is believed that Trustico had automated the CSR (Certificate Signing Request) process, a step in the certificate issuance process, and was generating SSL certificates.

Capital One's data exposed
An unsecured AWS S3 bucket resulted in the exposure of 50.4 GB of technical data about a Birst appliance that was set up to be used in Capital One’s IT environment. The exposed data included administrative access credentials, passwords, and private keys for use in Capital One systems.

Tim Hortons hit by malware
Malware hit Tim Hortons, forcing it to shut down operations. The company has said that the malware hit fewer than 100 locations, attacking the Panasonic cash registers that the chain uses. The Great White North Franchisee Association (GWNFA), which represents Tim Hortons franchisees, is threatening legal action against RBI for the loss of revenue.


