A new Android malware that masquerades as apps such as VPN and Android system apps has been discovered by security researchers. The malware is dubbed HenBox and is spreading through third-party app stores. It steals information on the device from a myriad of sources, including many mainstream chat, communication, and social media apps.
Slingshot is a cyber espionage tool that matches known platforms Project Sauron and Regin in complexity. It is believed to have been active since 2012, and managed to bypass security protections such as Driver Signature Enforcement by loading signed vulnerable drivers and running its own code through those security holes.
A malspam campaign has been discovered spreading Sigma ransomware through emails. The emails pretend to be responses to short-term job postings on Craigslist, and contain malicious password-protected Word or RTF documents which, when clicked, download the malware.
Researchers have discovered that cache side-channel attacks can be detected using CPU performance counters. These counters can be used in environments where they’re available. Their availability can be checked by running perf stat -a -e cache-references,cache-misses,LLC-loads,LLC-load-misses on Linux with perf-tools installed.
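The availability check described above can be scripted. This is an added example, not code from the briefing or from the researchers: it parses the CSV form of perf stat output (perf's -x, option) and lists the counters the host does not expose. The function names and the sample output are constructed for illustration, and the miss ratio is shown only as a derived value, not as a detection threshold from the research.

```python
"""Parse `perf stat -x,` output to see which cache counters a host exposes."""
import csv

EVENTS = ["cache-references", "cache-misses", "LLC-loads", "LLC-load-misses"]

# Constructed sample of `perf stat -a -x, -e <EVENTS> sleep 1` output (perf
# writes it to stderr). Values are made up.
# Fields: value, unit, event, counter run time, percent of time counted.
SAMPLE = """\
# started on (constructed sample)

48211734,,cache-references,4003118520,100.00,,
9120455,,cache-misses,4003118520,100.00,,
<not supported>,,LLC-loads,0,100.00,,
<not supported>,,LLC-load-misses,0,100.00,,
"""

def parse_perf_csv(text):
    """Return {event: int count, or None if perf could not count it}."""
    counts = {}
    for row in csv.reader(text.splitlines()):
        # Skip blank lines and '#' comment lines, which have fewer than 3 fields.
        if len(row) < 3 or row[0].startswith("#"):
            continue
        value, event = row[0].strip(), row[2].strip()
        # '<not supported>' / '<not counted>' are stored as None.
        counts[event] = int(value) if value.isdigit() else None
    return counts

def unavailable(counts, wanted=EVENTS):
    """Events missing from the output or reported as not supported/counted."""
    return [e for e in wanted if counts.get(e) is None]

def miss_ratio(counts, misses, refs):
    """misses/refs, or None when a counter is unavailable or refs is zero."""
    m, r = counts.get(misses), counts.get(refs)
    return m / r if m is not None and r else None

if __name__ == "__main__":
    c = parse_perf_csv(SAMPLE)
    print("unavailable:", unavailable(c))
    print("cache miss ratio:", miss_ratio(c, "cache-misses", "cache-references"))
    print("LLC load miss ratio:", miss_ratio(c, "LLC-load-misses", "LLC-loads"))
```

Virtual machines and containers often report the LLC events as not supported, which is the case the sample reproduces.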
Flaws in Hanwha smart cameras
Around 13 vulnerabilities have been found in Hanwha smart cameras by security researchers. The SmartCam uses HTTP for firmware updates and interaction with the camera. This can be exploited for intercepting traffic and manipulating the web-based user interface. Remote code execution, Denial of Service (DoS) and brute-force attacks are also possible.
Flaws in Samba server are fixed
New updates for the Samba networking software address two critical vulnerabilities. The flaws could allow unprivileged remote attackers to launch DoS attacks against servers and to change the passwords of any other users, including admins.
A malware attack gave hackers access to nearly 134,512 records belonging to the patients of the St. Peter’s Surgery and Endoscopy Center in New York. Investigations are continuing to determine whether patient data was viewed, accessed or stolen. Data in the records includes names, dates of birth, addresses, diagnosis codes, and insurance information details.
Ransomware attacks on Taiwan
A survey conducted by Trend Micro has revealed that Taiwan was the country worst hit by ransomware attacks last year. Companies suffered a loss of $5 billion in US dollars. Affected companies are warned to comply with the newly passed GDPR guidelines.
Users are warned that Epic Games hasn't sent out invitations for Fortnite Battle Royale for mobile devices. Epic Games has only opened up signups for the invite on iOS for now. Scammers have already started launching campaigns on social media, posting fake invites. These fake invites are up for grabs in exchange for a follow, retweet, PayPal payments, or PSN and Amazon gift certificates.
Tech support scam
Hackers are re-using the Microsoft tech support scam to trick users into downloading an app that gives the attackers complete control over the victim's machine. The scam works as follows: a fraudulent pop-up appears in the browser with the intention of scaring the intended victim into calling for remote assistance. Victims who call the number are tricked into downloading the malicious app.
Posted on: March 13, 2018