Cyware Daily Threat Intelligence March 04, 2019

Top Breaches Reported in the Last 24 Hours

Attackers defaced multiple pages with words ‘Jerusalem is the capital of Palestine’
Hackers failed to drop ransomware and freeze more than 1 million Israeli web pages. However, they managed to deface multiple web pages with the words ‘Jerusalem is the capital of Palestine’. Hackers found a breach connected to the Nagich website, to block access to its customers. The attackers who found the breach gained access to Nagich’s DNS records and altered the number denoting the domain name in order to redirect traffic from Nagich to their server.

Rutland Regional Medical Center data breach
Rutland Regional Medical Center(RRMC) has suffered a data breach compromising private data of over 72,000 patients. The compromised personal information included patients’ names, contact information, and medical record numbers. The data breach also involved almost 4000 Social Security Numbers.


Top Malware Reported in the Last 24 Hours

Ransomware impersonates Proton technologies' security team
Researchers spotted a new variant of the GarrantyDecrypt that pretends to be the security team for Proton technologies. The ransom note pretending to be from the Proton security team claims that the victim’s server has been attacked by an outsider and demands a service fee of $780 for decrypting the files.

Necurs botnet uses a new technique to evade detection
Researchers spotted Necurs botnet leveraging a new technique to evade detection while adding more bots to its web. Researchers detected that the Necurs botnet’s latest campaign had new payloads to make itself invisible to detection by antivirus programs.

Community-contributed container image abused to deliver malware
Security researchers have uncovered a community-contributed container image that has been abused to deliver cryptocurrency mining malware. Upon analysis, researchers detected two payloads. The first payload is a cryptocurrency miner that connects to a mining pool and the second is a shell script which is designed to retrieve certain networking tools.


Top Vulnerabilities Reported in the Last 24 Hours

New vulnerability impacts Windows IoT Core devices
Researchers discovered a new vulnerability that impacts the Windows IoT Core Operating System. The vulnerability affects only the Windows IoT Core and Windows IoT OS version devices that run in a single application such as smart devices or control boards and does not impact the Windows IoT Enterprise advanced version.

Adobe patches ColdFusion vulnerability
Adobe has released security updates to fix the critical zero-day vulnerability (CVE-2019-7816). The vulnerability is a file upload restriction bypass issue that could lead to arbitrary code execution. The security issue has been fixed in ColdFusion 11, ColdFusion 2016, and ColdFusion 2018.

Debian releases a security update
Debian has released a security update to address a buffer over-reads vulnerability in a popular file type guesser. The vulnerability has been fixed in version 1:5.22+15-2+deb8u5. Debian request users to upgrade Debian 8 'Jessie' to 1:5.22+15-2+deb8u5 version.


Top Scams Reported in the Last 24 Hours

Beyond the Grave phishing campaign
A new phishing campaign dubbed ‘Beyond the Grave’ targets hedge funds and financial institutions. The phishing campaign is designed to alter data confidentiality in the targeted hedge funds. These phishing emails impersonate a legitimate financial research company named Aksia and pretend to be research regarding rumors related to ESMA (European Securities and Markets Authority) halting short selling during Brexit.The companies that have been infected by the ‘Beyond the Grave’ virus include Elliot Advisors, Capital Fund Management, AQR, Citadel, Baupost Group, and Marshall Wace.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence March 05, 2019
Next
Cyware Daily Threat Intelligence March 01, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.