Cyware Daily Threat Intelligence March 28, 2018

Hajime botnet
A new IoT botnet, dubbed Hajime, has been discovered carrying out massive suspicious scans for port 8291 on unpatched MikroTik devices. Here, the attackers used the Chimay Red vulnerability that affects MikroTik RouterOS firmware 6.38.4 and earlier. This vulnerability allows hackers to execute code and install the Hajime bot.

Grey Heron spyware
Security experts have come across an advertising malware called Grey Heron. The malware is specifically designed to steal data from Signal and Telegram messaging apps. Investigations conducted by the Motherboard firm revealed links between the company and the Italian surveillance firm, Hacking Team.

Trojan.PWS.Stealer.23012
A new malware campaign has been noticed spreading through the description in videos on YouTube. The Trojan.PWS.Stealer.23012 virus steals files and other confidential information from the infected device. The malware is written in Python and infects computers running Microsoft Windows. Librelp stack overflow vulnerability
A security patch has been released for a critical vulnerability (CVE-2018-1000140) discovered in librelp. The security issue is found to have caused due to a call to snprintf. If attackers manage to control the data provided to snprintf, it can lead to a stack overflow and the potential to remotely execute code.

Microsoft’s Meltdown fix made PCs insecure
A couple of months ago, Microsoft released Meltdown mitigation for Windows 7 systems. Researchers found a new vulnerability in the patch that can allow any process to read the complete kernel memory at speeds--as much as gigabytes per second. Microsoft has already fixed the issue.

OpenSSL update patches
OpenSSL has released patches to three vulnerabilities in patch versions 1.1.0h and 1.0.2o. The three security flaws include CVE-2018-0739--a denial-of-service (DoS) vulnerability, CVE-2018-0733--that allows hackers to forge authenticated messages, CVE-2017-3738--an overflow bug. 2100 patients die each year due to data breaches
Dr. Sung Choi, a researcher at the Vanderbilt University claimed that more than 2100 patients die each year due to data breaches affecting hospitals. The report was released after analyzing the data from HHS and CMS to compare patient-care metrics at hospitals that have experienced a data breach and comparing them with hospitals that haven't.

Baltimore's 911 dispatch system hacked
Cybercriminals have managed to hack Baltimore's 911 dispatch system and shut it down temporarily. The computer-aided dispatch or CAD system was infiltrated, affecting he computer-aided dispatch or CAD system. This means the information was relayed by call center support staff manually.

Brute force attack on Northern Ireland Assembly
Unknown hackers have launched a brute force attack on the Northern Ireland Assembly Commission’s Email services. The Assembly Commission’s IT system has already taken steps to enhance security. Staff was already asked to change their passwords, immediately.