Cyware Daily Threat Intelligence March 07, 2018

Top Malware Reported in the Last 24 Hours
GandCrab ransomware version 2
A new version of the GandCrab ransomware has been found that differs considerably from its predecessor. Among the changes are new command-and-control hostnames: politiaromana.bit, malwarehunterteam.bit, and gdcb.bit. All three sit on the Namecoin .bit top-level domain, which is not resolvable through ordinary ICANN DNS, so lookups for .bit names from a workstation are themselves a useful indicator. No decryption tool is currently available for GandCrab v2.
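One way to turn these indicators into a detection, as an added example that is not part of the Cyware digest: scan resolver query logs for the three hostnames named above and, more generally, for any query to the .bit TLD. The log format (timestamp, client, query type, name) and the sample lines are constructed for illustration; adapt the regular expression to your resolver's actual log format. The example also shows why matching must be on the TLD and not on the substring "bit" (orbit.example.org must not fire).

```python
"""Flag DNS lookups matching GandCrab v2 C2 indicators in resolver logs.

Added example, not from the Cyware digest. Log format and sample lines are
constructed (assumption); adjust LINE_RE for your resolver.
"""
import re
from typing import Iterable, Iterator, NamedTuple, Optional

# Hostnames the digest names as GandCrab v2 command-and-control domains.
GANDCRAB_V2_C2 = {"politiaromana.bit", "malwarehunterteam.bit", "gdcb.bit"}

# .bit is a Namecoin TLD that does not exist in ICANN DNS, so any query for it
# from an ordinary host deserves a look even when the exact name is new.
SUSPICIOUS_TLDS = {"bit"}

# Constructed sample lines in a simplified resolver-log format (assumption).
SAMPLE_LOG = """\
2018-03-07T09:14:02Z 10.0.5.23 A www.example.com
2018-03-07T09:14:05Z 10.0.5.23 A gdcb.bit
2018-03-07T09:14:06Z 10.0.5.23 A POLITIAROMANA.BIT.
2018-03-07T09:14:09Z 10.0.5.44 A mail.example.com
2018-03-07T09:15:11Z 10.0.5.44 A update.somethingelse.bit
2018-03-07T09:15:12Z 10.0.5.44 A orbit.example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)


class Hit(NamedTuple):
    ts: str
    client: str
    qname: str
    reason: str


def normalise(qname: str) -> str:
    """Lower-case and strip the trailing dot so IOC matching is exact."""
    return qname.rstrip(".").lower()


def classify(qname: str) -> Optional[str]:
    """Return a reason string if the query is suspicious, else None."""
    name = normalise(qname)
    if name in GANDCRAB_V2_C2:
        return "known GandCrab v2 C2 hostname"
    # Compare the final label only; a substring test would match "orbit".
    tld = name.rsplit(".", 1)[-1]
    if tld in SUSPICIOUS_TLDS:
        return f"query for non-ICANN .{tld} domain"
    return None


def scan(lines: Iterable[str]) -> Iterator[Hit]:
    """Yield a Hit for every log line whose query name is suspicious."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crash
        reason = classify(m["qname"])
        if reason:
            yield Hit(m["ts"], m["client"], normalise(m["qname"]), reason)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit.ts} {hit.client} {hit.qname}: {hit.reason}")
```

The generic .bit rule will also catch the older GandCrab v1 domains and any future rotation, at the cost of the occasional Namecoin enthusiast; in most corporate networks that is an acceptable trade.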

Gozi Trojan
The Gozi ISFB banking Trojan has been observed using the elusive "Dark Cloud" botnet for distribution. It arrives via malicious spam campaigns whose attached Microsoft Word documents carry an embedded, obfuscated VBA macro; the macro runs only if the recipient enables macros, which is what the lure text tries to talk them into.
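A mail gateway or triage script can refuse or quarantine such attachments by looking at the container rather than the filename. The following is an added example, not code from the Cyware digest or from the campaign's analysis: it checks the two Word container formats, Office Open XML (a ZIP whose macro project lives at word/vbaProject.bin) and the legacy binary .doc (an OLE2 compound file whose directory entry names are UTF-16LE; a macro-enabled document has a "Macros" storage). The sample attachments are constructed in memory and are deliberately minimal, not real Word files; the OLE2 stub in particular only mimics the signature and the directory name the check looks for.

```python
"""Spot Word attachments that carry a VBA project before anyone opens them.

Added example, not from the Cyware digest or the Gozi ISFB campaign.
Sample attachments are constructed in memory (assumption: minimal stand-ins,
not real Word documents).
"""
import io
import zipfile
from typing import Dict, Optional

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # local file header of a ZIP
OOXML_VBA_MEMBER = "word/vbaProject.bin"
OLE_MACRO_STORAGE = "Macros".encode("utf-16-le")   # directory names are UTF-16LE


def macro_indicator(data: bytes) -> Optional[str]:
    """Return a short reason if the document carries VBA, else None.

    Decides by content, so a .docm renamed to .docx is still caught.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = set(z.namelist())
        except zipfile.BadZipFile:
            # A truncated or hand-made ZIP is itself worth a second look.
            return "corrupt ZIP container"
        if OOXML_VBA_MEMBER in names:
            return f"OOXML document contains {OOXML_VBA_MEMBER}"
        return None
    if data.startswith(OLE_MAGIC):
        # Raw search is enough here: directory sectors are stored uncompressed.
        if OLE_MACRO_STORAGE in data:
            return "OLE2 document contains a Macros storage"
        return None
    return None  # not a Word container at all


def triage(attachments: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """Map each attachment name to its macro indicator (or None)."""
    return {name: macro_indicator(blob) for name, blob in attachments.items()}


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container with only the members relevant
    to this check (not a valid Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr(OOXML_VBA_MEMBER, b"\x00" * 16)
    return buf.getvalue()


def build_ole_stub(with_macro: bool) -> bytes:
    """Constructed stand-in for a binary .doc: OLE2 signature, padding and,
    optionally, a UTF-16LE 'Macros' directory name."""
    body = b"\x00" * 64
    if with_macro:
        body += OLE_MACRO_STORAGE
    return OLE_MAGIC + body


# Constructed sample mailbox: names chosen to show that content, not the
# extension, drives the verdict.
SAMPLE_ATTACHMENTS = {
    "invoice.docm": build_ooxml(with_macro=True),
    "renamed_invoice.docx": build_ooxml(with_macro=True),
    "report.docx": build_ooxml(with_macro=False),
    "old_invoice.doc": build_ole_stub(with_macro=True),
    "notes.doc": build_ole_stub(with_macro=False),
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name}: {verdict or 'no macro indicator'}")
```

The OLE2 test is a heuristic: a .doc whose body text happens to contain the word "Macros" would also match, so treat a hit as "quarantine and inspect" rather than proof. For the full picture (stream names, decompressed macro source, auto-exec keywords) use a proper OLE parser; the point here is that the decision must not depend on the file extension the attacker chose.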

Top Vulnerabilities Reported in the Last 24 Hours
Bypass Microsoft’s Control Flow Guard (CFG)
Microsoft's Control Flow Guard (CFG), shipped in Windows from Windows 8.1 up to the current Windows 10 builds, can be bypassed: researchers have demonstrated techniques that defeat the check. CFG is designed to stop an attacker who has already corrupted memory from hijacking a program's control flow and redirecting it to their own code; it does this by validating the target of each indirect call or jump against a bitmap of legitimate function entry points. It protects indirect calls only and does not cover return addresses, so it was never a complete defence on its own, and these bypasses narrow it further.

Vulnerability in Exim
A security issue was discovered in the Exim message transfer agent. The flaw, indexed as CVE-2018-6789, affects all Exim versions before 4.90.1 and can be leveraged for pre-authentication remote code execution. Running exim -bV prints the installed version; anything older than 4.90.1 should be upgraded.

Google fixes critical Android flaws
Google's March Android Security Update patches 11 critical vulnerabilities in the Android operating system in addition to dozens of less severe issues. Devices at security patch level 2018-03-05 or later have around 37 flaws addressed in total, 26 of them rated high severity.

Top Breaches Reported in the Last 24 Hours
Nike's server data exposed
An undisclosed flaw in Nike's website allowed attackers to read data from the server, including passwords. The bug gave access to files on the server, exposing the account names of every user who had logged in to it, system administrators among them.

Attacks on govt institutions
A series of attacks attributed to the hacker group APT28 has targeted government institutions in Montenegro, including the Montenegrin Defense Ministry and the government in Podgorica. The attacks are speculated to be a response to Montenegro's decision to join NATO. 400 attacks were recorded over nine months in 2017.

W2 tax scams
Rockdale Independent School District in Texas fell victim to a spearphishing attack in which hackers stole employees' W-2 tax form information. The breach was not discovered until February 26, when several employees found that false income tax returns had been filed using their data. Users are advised to exercise caution with requests for tax documents.
