Cyware Daily Threat Intelligence May 04, 2018

Top Malware Reported in the Last 24 Hours
Necrus campaign
An evolved variant of the Necrus botnet was found using .url files as part of its infection chain to bypass traditional detection mechanisms. The malware is sending malspam emails with an internet shortcut to a downloader script, which is executed remotely via the Server Message Block (SMB) protocol. Users must be careful not to download and execute .url files without scanning them.

New malicious campaign
Fake Flash updates are being used by a redirection sequence, ScrnSize, in order to carry out various malicious activities like fingerprinting and filtering, domain infringement, domain shadowing, cookie tracking, and malicious downloads. To stay safe, users are advised to map their digital presence and monitor it for vulnerabilities and compromises.

Top Vulnerabilities Reported in the Last 24 Hours
AMD’s Ryzenfall flaws
Earlier in March, CTS Labs released information regarding a new set of vulnerabilities, dubbed as Ryzenfall, found in the most basic aspects of the Ryzen and EPYC processors. Even though AMD has acknowledged these flaws and promised to release an update, no patches have been released. Security experts are of the belief that many of these flaws would take months to get fixed.

Windows 10 Meltdown patch has a flaw
A fatal flaw has been spotted in Microsoft's Windows 10 patches that were released to mitigate the Meltdown vulnerability. This bug allows hackers to bypass the issued patches. Windows 10 April 2018 Update (version 1803) appears to be the only version of Windows 10 coming with a fix in this regard.

Spectre next generation flaws
Eight flaws that are similar to the Spectre vulnerability have been identified by security researchers. Dubbed Spectre-NG, these flaws are discovered in modern processor designs. Intel has already announced that it is working on its own patches for Spectre-NG and developing others in cooperation with the operating system manufacturers.

Top Breaches Reported in the Last 24 Hours
Bug in Twitter
Twitter discovered a bug in their internal systems which stored passwords in plain text. The social media platform urged all its 336 million users to change their passwords immediately. Twitter claimed that the bug has been resolved and there is no indication of breach or misuse of the user passwords.

OPSPARC results sabotaged
Users from 4chan launched a campaign to hack the results of NASA’s Optimus Prime Spinoff Promotion and Research Challenge (OPSPARC). Hackers used social media to disrupt the contest and manipulate the votes of a group of high school girls representing Banneker Academic High School in Washington, D.C. NASA ended the public voting soon after.

Top Scams Reported in the Last 24 Hours
GDPR-themed scams
Scammers are leveraging the European Union's GDPR to steal users’ information. Security experts of Redscan came across one such phishing campaign targeting Airbnb customers. Fake emails are being sent seeking consent from users in lieu of the GDPR implementation deadline. The email has a malicious URL asking users to click on it in order to update their personal information.

Facebook lottery scam
Queensland Police are warning Facebook users of a lottery scam, where a person claiming to be a Facebook employee, says they won a $7.5 million social media “lottery” prize. Till date, more than 30 people have fallen for the scam.

ProtonMail is warning its customers
ProtonMail is sending emails to its customers warning them about a phishing scam. ProtonMail emails are starred by default. There fore, if you receive any emails that appear to be coming from the emailing service but aren't starred, mark them as spam. Future emails from the same source will go to the your spam folder.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.