Cyware Daily Threat Intelligence May 02, 2018

Top Malware Reported in the Last 24 Hours
LoJack attack
A new attack technique has been identified by security researchers that uses computer-recovery tool LoJack in order to breach the target company's security defenses. The malicious command and control (C&C) domains used in this attack technique pointed to the involvement of the Fancy Bear hacker group.

MassMiner exploits
MassMiner has been found spreading by exploiting CVE-2017-10271, CVE-2017-0143 and CVE-2017-5638, and by brute-forcing access to Microsoft SQL Servers with SQLck. It expands within the local network first and only then propagates across the internet. Once installed, the malware configures the system to evade detection and ensure persistence.

Crypto-mining malware for IoT devices
According to reports released by Trend Micro, crypto-mining malware targeting Internet of Things (IoT) devices is increasingly available on dark marketplaces. Even though smartphones and IoT devices have far less computing power than laptops and servers, cyber criminals are developing such malware because these devices are easy targets.

Top Vulnerabilities Reported in the Last 24 Hours
Privilege escalation bug in Linux Kernel
Security researchers have revealed an eight-year-old vulnerability that is still present in the latest Linux kernel version. Tracked as CVE-2018-8781, the flaw could be exploited to escalate local privileges: it lets a local user gain access to a vulnerable privileged driver, read and write sensitive kernel memory, and thereby escalate privileges locally.

Critical RCE flaw in Schneider Electric
A critical remote code execution vulnerability has been discovered in popular Schneider Electric software. The flaw allows an unauthenticated attacker to remotely execute code with high privileges, exposing power and manufacturing plants to compromise. Users are advised to upgrade to InduSoft Web Studio v8.1 SP1 and InTouch Machine Edition 2017 v8.1 SP1 immediately.

Multiple vulnerabilities in PHP
A series of updates has been released to fix up to 40 vulnerabilities across four different versions of the PHP (Hypertext Preprocessor) server-side scripting language. Affected versions are PHP 7.2 prior to 7.2.5, PHP 7.1 prior to 7.1.17, PHP 7.0 prior to 7.0.30, and PHP 5.0 prior to 5.6.36.
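As an added example (not code from Cyware or the PHP project), the check below maps an installed PHP version onto the affected ranges listed above, so an inventory script can flag hosts that still need the update. It treats the "PHP 5.0 prior to 5.6.36" entry as the whole 5.x line being fixed at 5.6.36, and assumes `php -v` output of the usual form; the sample output is constructed.

```python
"""Flag PHP versions that fall inside the affected ranges of the May 2018 advisory."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, taken from the advisory text above.
# The 5.x line is treated as one branch fixed at 5.6.36 (assumption: the page
# says "PHP 5.0 prior to 5.6.36").
FIXED_VERSIONS = {
    (7, 2): (7, 2, 5),
    (7, 1): (7, 1, 17),
    (7, 0): (7, 0, 30),
    (5,): (5, 6, 36),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
_PHP_V_RE = re.compile(r"^PHP (\d+\.\d+\.\d+)", re.MULTILINE)


def parse_php_version(version: str) -> Version:
    """Parse 'X.Y.Z', ignoring distro suffixes such as '7.2.4-1ubuntu1'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_from_php_v(output: str) -> str:
    """Extract the version from 'php -v' output (e.g. 'PHP 7.0.28 (cli) ...')."""
    m = _PHP_V_RE.search(output)
    if not m:
        raise ValueError("no 'PHP X.Y.Z' line found in php -v output")
    return m.group(1)


def fixed_version_for(version: str) -> Optional[Version]:
    """Return the first fixed release for this version's branch, or None when the
    branch is not covered by the advisory (for example 7.3 or later)."""
    major, minor, _ = parse_php_version(version)
    if major == 5:
        return FIXED_VERSIONS[(5,)]
    return FIXED_VERSIONS.get((major, minor))


def php_is_affected(version: str) -> bool:
    """True when the version is older than its branch's first fixed release."""
    fixed = fixed_version_for(version)
    return fixed is not None and parse_php_version(version) < fixed


# Constructed sample of 'php -v' output for a host still on an affected release.
SAMPLE_PHP_V = "PHP 7.0.28 (cli) (built: Mar 29 2018 10:00:00) ( NTS )\nCopyright (c) 1997-2018 The PHP Group\n"
```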