Cyware Daily Threat Intelligence March 22, 2018

Top Malware Reported in the Last 24 Hours
Qrypter backdoor
A new RAT, dubbed Qrypter, is being touted as a major competitor to existing cross-platform backdoors. This Malware-as-a-Service (MaaS) platform is being used by hackers to inject the tool into victims' systems using phishing emails. Once installed, the tool can manipulate file systems, install additional files, control the Task Manager and gain access to the PC's webcam.

TeleRAT
TeleRAT, a new Android Trojan, is spreading through third-party Android app stores disguised as legitimate apps. The Trojan uses the Telegram Bot API to communicate with the command and control (C&C) server and to exfiltrate data. TeleRAT is able to receive and carry out a range of commands and gain access to sensitive information.

Zenis ransomware
Hackers are warning victims of Zenis ransomware to pay the ransom or risk losing their infected files forever. The ransomware uses a customized encryption method to encrypt the files on the infected machine. The method of distribution is as yet unknown, though there is a possibility of it spreading through remote desktop services.

Top Vulnerabilities Reported in the Last 24 Hours
64-bit pool memory disclosure flaw
A memory disclosure vulnerability was found in the Microsoft Windows Kernel that can be exploited via REG_RESOURCE_REQUIREMENTS_LIST registry values. Attackers can exploit this flaw to obtain information which can be used to compromise a victim's system.

Siemens fixes multiple flaws
Siemens has released security updates for its mobile app that fix several vulnerabilities, including a denial-of-service (DoS) vulnerability that affects the SIMATIC controllers. The flaw has been dubbed CVE-2018-4843 and can be exploited by sending specially crafted PROFINET DCP packets to the target systems.


