A ransomware attack at Bridport school has resulted in the complete shutdown of the school’s computer network. The incident occurred after a member of the school’s staff opened a phishing email. The spoofed email included a malicious attachment that contained a virus. According to the expert, the hacker was familiar with the particular source it appeared to come from. All data in the school’s local network has been lost. The information stored in the system is currently encrypted and cannot be accessed.
Researchers have tracked a massive data harvesting campaign linked to Chinese IT and services giant Hangzhou Shunwang Technology. Dubbed ‘Operation Sheep’, the campaign was used to collect phone contact lists, geolocation data, and QQ messenger login information. It was carried out through a data-stealing component present in up to a dozen Android apps available from major third-party stores in the country. Most of the apps are system utilities and can be installed from big-name app stores in China such as Tencent MyApp, Wandoujia, Huawei App Store, and Xiaomi App Store.
Top Malware Reported in the Last 24 Hours
DMSniff POS malware
Researchers have discovered that the DMSniff POS malware has been silently infecting small and medium-sized businesses for the past four years. The malware has been active since 2016 and is primarily used by cybercriminals to steal customers’ credit card information. The malware is distributed by tampering with the devices, by brute-forcing weak passwords, or by exploiting vulnerabilities in the devices.
A new POS malware called GlitchPOS was found targeting firms in the retail and hospitality sectors. The malware strain is being distributed via phishing emails that include a fake game video featuring a cute cat. Once the user clicks on the video, the malware gets downloaded and skims credit card numbers by infecting the POS systems.
Attackers are leveraging a zero-day RCE flaw in Counter-Strike 1.6 clients to infect users with a new Belonard trojan. Once launched, the trojan enables the attackers to modify users’ CS 1.6 clients and show ads inside users’ games. In order to gain persistence and expand the infection process, the Belonard malware creates proxy servers running on users’ computers.
New BitLocker attack
Security researchers have come across a new attack vector that could enable attackers to extract BitLocker encryption keys from a computer’s TPM (Trusted Platform Module). For this, all that an attacker needs is a $27 FPGA board and some open-source code, or a logic analyzer. The experiment was demonstrated by extracting keys from the LPC bus on both TPM 1.2 and TPM 2.0 chips.
Top Vulnerabilities Reported in the Last 24 Hours
A bug in SiteGround Optimizer plugin
A critical privilege escalation vulnerability has been discovered in the SiteGround Optimizer and Caldera Forms Pro plugins. The bug can allow attackers to remotely execute arbitrary code on vulnerable sites. Both SiteGround and Caldera have released patches. While the SiteGround environment plugin is updated automatically, Caldera Forms Pro users must make sure that they are using version 1.7.7 or 1.8.2.
Chrome 73.0.3683.75 released
Google has released Chrome version 73.0.3683.75 for Windows, Mac and Linux. The version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The vulnerabilities addressed in this security update are CVE-2019-5787, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791 and CVE-2019-5788.
WordPress releases a fix for XSS flaw
The WordPress team has fixed a cross-site scripting (XSS) flaw found in WordPress. The flaw could allow attackers to take over websites by luring a logged-in administrator into visiting a malicious website. The vulnerability affects all versions of WordPress prior to 5.1.
Posted on: March 14, 2019