Cyware Daily Threat Intelligence May 10, 2018

Top Malware Reported in the Last 24 Hours
Ctrl+Inject technique 
Security researchers have found a new injection technique, named Ctrl+Inject, that hackers can use to hide malware inside CLI apps in order to bypass security protections. The technique abuses the Windows CtrlRoutine function.

BitKangaroo ransomware
Ransomware developers have come up with a new tactic to scare victims who refuse to pay the ransom, seen in an in-development ransomware named BitKangaroo. The ransomware encrypts the victim's files using AES-256 encryption and appends the .bitkangaroo extension to all of them. It then displays a 60-minute countdown, after which it deletes one encrypted file. Once the file is deleted, the timer is reset to 60 minutes.

GandCrab ransomware 
Security researchers have recently found a series of compromised websites that are being used to deliver GandCrab ransomware. The malware is disguised as an online order that goes by the name "Your Order # (Random Digit)". This contains a ZIP file which, when clicked, downloads the malicious macros and executes the ransomware.

Top Vulnerabilities Reported in the Last 24 Hours
Microsoft's May 2018 security update
Microsoft has released its security updates for May 2018 to address a number of vulnerabilities. These include patches for two remote code execution vulnerabilities in Windows Hyper-V, CVE-2018-0959 and CVE-2018-0961.

New tech support scam uncovered
Researchers have discovered a tech support scam, dubbed the Shoppers Stop tech scam, that compromised thousands of websites with malicious ad injections. In this attack, the user is redirected to a browser locker page that claims their computer is infected.

New attack vector discovered
A newly developed exploit that bypasses 2-factor authentication has been discovered, and it can be used against any site. The attack is based on proxying the user through the attacker’s system with a credentials phish that uses a typosquatting domain.


