Cyware Daily Threat Intelligence May 10, 2018


Top Malware Reported in the Last 24 Hours
Ctrl+Inject technique 
Security researchers have found a new injection technique, named Ctrl+Inject, which hackers can use to hide malware inside CLI apps in order to bypass security protections. The technique abuses the Windows CtrlRoutine function.

BitKangaroo ransomware
Ransomware developers have come up with a new tactic to scare victims who refuse to pay a ransom, seen in an in-development ransomware named BitKangaroo. The ransomware encrypts the victim's files using AES-256 encryption and appends the .bitkangaroo extension to all of them. It then displays a 60-minute countdown, after which it deletes one encrypted file. Once the file is deleted, the timer is reset to 60 minutes.

GandCrab ransomware 
Security researchers have recently found a series of compromised websites that are being used to deliver GandCrab ransomware. The malware is disguised as an online order named "Your Order # (Random Digit)". This contains a ZIP file which, when clicked, downloads the malicious macros and executes the ransomware.

Top Vulnerabilities Reported in the Last 24 Hours
Microsoft's May 2018 security update
Microsoft has released its security updates for May 2018 to address a number of vulnerabilities. These include patches for two remote code execution vulnerabilities in Windows Hyper-V, CVE-2018-0959 and CVE-2018-0961.

New tech support scam uncovered
Researchers have discovered a tech support scam, dubbed the Shoppers Stop tech scam, that compromised thousands of websites with malicious ad injections. In this attack, the user is redirected to a browser locker page that claims their computer is infected.

New attack vector discovered
A newly developed exploit that bypasses 2-factor authentication has been discovered, and it can be used against any site. The attack is based on proxying the user through the attacker's system with a credentials phish that uses a typosquatting domain.



Posted on: May 10, 2018


