Cyware Daily Threat Intelligence May 11, 2018

NigelThorn malware campaign
Security researchers have spotted a new malware campaign, dubbed as NigelThorn that spreads through Facebook to steal data from the social media platform. The victims are infected with malicious browser extensions used for stealing social media credentials and install crypto miners.

Rowhammer attack
Security researchers have found a new way to launch Rowhammer attacks via network packets and network cards. Dubbed as Throwhammer, the attackers begins the attack by bombarding a victim's network card with specially-crafted packets.

Guerilla ad clicker malware
Certains apps in Google Play Store have been discovered to be used for hiding the Guerilla ad clicker malware. Legitimate games, flashlight, or photo editor are being used to hide this malware. The malware helps the hackers in generating fraudulent ad revenue. Chrome updates released
Google recently issued a new stable version of its Chrome 66 web browser version 66.0.3359.170. This edition is currently rolled out to Linux, Mac, and Windows users in order to fix few important security issues. 

Vulnerabilities in voice AI
There's a rise in vulnerabilities in voice AI. One of the flaws that researchers have includes recording commands at a frequency beyond what human can hear. Such secret commands could be used to send a message, make purchases, wire money and do anything that these virtual assistants are capable of.

Flaw in Telstra
Recently, Telstra found a vulnerability in its service that could potentially expose their cloud customers who run self-managed resources. Telstra users are advised to either delete or disable the TOPS or TIRC account (privileged administrator accounts) on self-managed servers. Fundraising site breached 
The fundraising site of the campaign group 'Together for Yes', has shut down after it was hit by a domestic DDoS attack. The attack took place at a peak time that would ordinarily be a peak time for donation.

'Rossotrudnichestvo' hijacked
Recently, 'Rossotrudnichestvo', a Russian website related to the government agency was hijacked by hackers. After being hijacked by an anonymous hacker, the website displayed a warning against the state body for banning the Telegram messaging app.

Goodyear PoS system breached
The City of Goodyear recently discovered that its bill payment system has been compromised. Due to the incident, 30,000 Goodyear utility customers have been affected. The affected systems mainly handled the credit and debit card transactions.




Apple ID phishing scam
Researchers have detected a new Apple ID phishing scam that uses a known social engineering tactic to pressurize users into divulging their personal details. If they fail to do so, they are threatened of their service being suspended. Phishing email that looks like a legitimate email from Apple is being used to carry out the scam.

Netflix scam
Netflix subscribers need to look out for a convincing phishing scam which targets users' for personal and financial details. The phishing email informs the subscribers that their membership has been put on hold and that they need to complete a validation process by providing their account details. 

Blackmail scam
A new scam has been discovered that targets married men from affluent societies around the US. The scam involves sending letters to the target that claims about their infidelity and demands money in bitcoin.