Share Blog post
A new strain of point-of-sale (PoS) malware, dubbed PinkKite, has been spotted by security researchers. The malware is designed to implement classic memory-scraping feature and procedures for data validation. The malware is also found to employ a layer of obfuscation via a double-XOR operation make it harder to detect.
A bitcoin stealing malware is found hosted on Download[dot]com servers that swapped user accounts with that of the attackers. The malware is dropped using a trojanized Win32 Disk Imager application, a variant of MSIL/TrojanDropper.Agent.DQJ.
Malicious PowerShell Script
A PowerShell script available on Github is found prompting victims to enter their login credentials, that are then sent to a remote server if they are found to be correct. Users can end the prompt in Task Manager by terminating the process called, "Windows PowerShell".
A local privilege-escalation vulnerability, tracked as CVE-2018-0977, has been found in the Windows kernel. Attackers can exploit the issue to execute arbitrary code in kernel mode with elevated privileges. To stay safe, users are advised to permit local access for trusted individuals only.
March security patches
Patches for March 2018 have been released by SAP, fixing high and medium priority vulnerabilities in its products. Fixed security flaws include 6 missing authorization checks, 5 information disclosures and 4 Cross-Site Scripting errors. SAP also addressed 3 SQL injection bugs, 2 directory traversal issues, 2 implementation flaws, DoS, hardcoded credentials, XML external entity, code injection, and clickjacking bugs.
An unsecured Amazon S3 storage bucket containing MSSQL database backup file has been found by security researchers. The bucket also contains personal details and plain-text passwords of over 1.3 mn people. Exposed details include addresses, zip-codes, e-mail addresses, and IP addresses.
Fortnite gamers, be warned!
Players of Fortnite video game are being warned of possible malicious campaigns, designed to hijack their accounts. Hackers might be using popular hacking methods like mining passwords to hack into accounts. Moreover, the payment details saved on the Fortnite game accounts were used by the hackers to make fraudulent payments.
Posted on: March 15, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.