Cyware Daily Threat Intelligence March 29, 2018

Fauxpersky malware
A new keylogger malware has been discovered by security researchers impersonating the AV software Kaspersky. The Fauxpersky keylogger is built from a popular app called AutoHotKey and is used to infect USB drives and collect data. Security researchers note that this malware is by no means advanced or even very stealthy.

SHARPKNOT malware
US-CERT is warning organizations of a new strain of malware, called SHARPKNOT. Reports about the malware have been released in the latest Malware Analysis Report, (MAR), generated after due analysis by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Users are advised to install strong antivirus software to stay safe.

Panda Banker
Financial institutions in Japan are being targeted by a baking malware, named Panda Banker. It's also known as Zeus Panda or PandaBot. The malware uses the man in the browser technique along with “webinjects” that specify what websites to target and how. Siemens recorded multiple vulnerabilities
Multiple critical vulnerabilities were recorded by Siemens in its telecontrol and building automation products. A critical flaw was also recorded in its SIMATIC systems. The flaws resulted due to the use of a vulnerable version of a Gemalto License Management System (LMS). To stay safe, customers are advised to update the LMS to version 2.1 SP4 (2.1.681).

Flaws in Monero
Security researchers have found two security flaws in Monero cryptocurrency that would allow users to trace the transactions. Transactions that took place years ago could easily be analyzed for information about a certain organization. Monero has already been updated to counter these flaws and avoid tracing of transactions. BNM foiled an attempt at cyber attack
Bank Negara Malaysia (BNM), Malaysia’s central bank detected and managed to block an attempted cyber attack. Attackers used falsified SWIFT messages to carry out unauthorized fund transfers. No financial loss has been recorded.

Boeing production plant hit by WannaCry
South Carolina's Boeing production plant is infected by the infamous WannaCry ransomware, recently. Thankfully, the vulnerability was limited to a few machines and software patches were deployed soon after. The attack potentially affected machines of Boeing’s 787 Dreamliner North Charleston, South Carolina, and the 777X Composite Wing Center.

Records of 42,000 patients exposed
An exposed port, port 873, within IT systems resulted in leakage of records belonging to 42,000 patients. This port is typically used for rsync (remote synchronization) Exposed data includes staff home addresses, spousal details, and even the names of their children.