Cyware Daily Threat Intelligence March 16, 2018

GandCrab ransomware tweaked
Developers of the GandCrab ransomware are continuously tweaking the malware in order to keep the ransom flow in. While early versions of the ransomware are laden with bugs, the newer versions are being released with components that can render the decryptor tool useless.

Monero Cryptominer on PostgreSQL DBMS servers
A malware that cryptomines for Monero has been discovered by security researchers, on PostgreSQL DBMS servers. Hackers are propagating the malware using an image of Hollywood star Scarlett Johansson. Once a victim downloads the image, the malware tries to brute force its way into the DBMS.

GitHub hosts LokiBot
Cyber criminals are using GitHub to push a variation of the binary credential stealing malware, LokiBot, to Windows computers. LokiBot is designed to steal credentials from a variety of popular email clients and web browsers. Antivirus software are finding it difficult to detect the malware, as the attackers are frequently repacking the binaries. Safari exploits discovered
A team of researchers has discovered several flaws in Apple Safari browser. They were able to target Apple Safari with a sandbox escape, using two vulnerabilities - a heap buffer underflow in the browser and an uninitialized stack variable in macOS.

Adobe fixes vulnerabilities
Adobe released Flash player updates version 29.0.0.0.113 in order to fix two flaws: a remote code execution vulnerability rated critical (CVE-2018-4919) and Type Confusion-based remote code execution vulnerability (CVE-2018-4920). Users who have activated the auto-update function of the Flash-Player will receive the update automatically.

Windows 7 patch causes issues
Monthly Rollup for Windows 7 and Server 2008 R2, KB 4088875 is no longer being offered as an automatic update, as the patches have been found to cause problems with IP addresses on servers’ virtual Network Interface Cards (vNICs). The patch was released for systems running Windows 7 SP 1 and Windows Server 2008 R2 SP1.