Cyware Daily Threat Intelligence March 15, 2018

Top Malware Reported in the Last 24 Hours
PinkKite malware
A new strain of point-of-sale (PoS) malware, dubbed PinkKite, has been spotted by security researchers. The malware implements classic memory-scraping features and data-validation procedures. It also employs a layer of obfuscation via a double-XOR operation to make it harder to detect.

Bitcoin-stealing malware
Bitcoin-stealing malware has been found hosted on Download[dot]com servers; it swapped user accounts with those of the attackers. The malware is dropped using a trojanized Win32 Disk Imager application, a variant of MSIL/TrojanDropper.Agent.DQJ.

Malicious PowerShell Script
A PowerShell script available on GitHub has been found prompting victims to enter their login credentials, which are then sent to a remote server if they are found to be correct. Users can end the prompt in Task Manager by terminating the process called "Windows PowerShell".

Top Vulnerabilities Reported in the Last 24 Hours
Win32k privilege escalation vulnerability
A local privilege-escalation vulnerability, tracked as CVE-2018-0977, has been found in the Windows kernel. Attackers can exploit the issue to execute arbitrary code in kernel mode with elevated privileges. To stay safe, users are advised to permit local access for trusted individuals only.

March security patches
Patches for March 2018 have been released by SAP, fixing high and medium priority vulnerabilities in its products. Fixed security flaws include 6 missing authorization checks, 5 information disclosures and 4 Cross-Site Scripting errors. SAP also addressed 3 SQL injection bugs, 2 directory traversal issues, 2 implementation flaws, DoS, hardcoded credentials, XML external entity, code injection, and clickjacking bugs.

Top Breaches Reported in the Last 24 Hours
Unsecured Amazon S3 Bucket
An unsecured Amazon S3 storage bucket containing an MSSQL database backup file has been found by security researchers. The bucket also contains personal details and plain-text passwords of over 1.3 million people. Exposed details include addresses, zip codes, e-mail addresses, and IP addresses.

Fortnite gamers, be warned!
Players of the Fortnite video game are being warned of possible malicious campaigns designed to hijack their accounts. Hackers might be using popular hacking methods like mining passwords to hack into accounts. Moreover, the payment details saved on the Fortnite game accounts were used by the hackers to make fraudulent payments.


