Spoofed emails, disguised as important Swift messages, are being used by hackers to spread the cross-platform remote access trojan (RAT) Adwind. The RAT is configured to communicate with the hacker's C&C server. Once the communication is established, attackers can remotely access the file system to read, write or delete files.
A previously undocumented RAT, called FlawedAmmyy, is being distributed through two massive email campaigns. The Trojan is based on leaked source code for version 3 of the Ammyy Admin remote desktop software. Users are advised not to open emails that come from strangers.
New variants of the Dofoil trojan, a.k.a. Smoke Loader, have been blocked by Windows Defender AV. The Trojan was found carrying coin miner payloads, which are used to mine NiceHash cryptocurrency.
New security updates have been released by Cisco for two critical vulnerabilities, CVE-2018-0147 and CVE-2018-0141, among 20 other issues. These vulnerabilities have been patched in Cisco Secure ACS 18.104.22.168.9 Cumulative Patch and Cisco Prime Collaboration Provisioning Software Releases 12.1 respectively.
Chrome 65 update
Chrome 65, which includes 45 security fixes developed via the developer channel versions, has been released by Google for Android, Mac, Windows, and Linux users. Chrome 65 for Android and others will be available for download through Google Play in the next few weeks.
Cisco Access Control Server is vulnerable
The Cisco Access Control Server (ACS) is found to be vulnerable to remote attacks. Hackers can gain access to the Web-based user interface of the Cisco Secure Access Control Server due to the CVE-2017-12354 flaw. The flaw results in improper handling of XML External Entities (XXEs) when parsing an XML file.
Posted on: March 08, 2018