Cyware Daily Threat Intelligence May 22, 2018

Top Malware Reported in the Last 24 Hours
Vega Stealer
A new malicious program, named Vega Stealer, has been discovered stealing credit card data and saved credentials from the Firefox and Chrome web browsers. Vega Stealer is a variant of the August Stealer strain. Users are advised to change the login information for any accounts they access using Chrome or Firefox, and to disable Autofill in their browsers.

Roaming Mantis upgrades to Cryptomining
The Roaming Mantis DNS hijacking attacks have been upgraded. The attacks now cater to 27 different languages, including English, Spanish, Hebrew, Chinese, Russian and Hindi, and can target both Android and iOS users. In addition to stealing sensitive information, the campaign runs the Coinhive JavaScript miner, which uses the victim machine's CPU to mine Monero.

Top Vulnerabilities Reported in the Last 24 Hours
New variant of Spectre
A security flaw in Intel, ARM and AMD chips has been discovered by security researchers at Microsoft and Google. Dubbed Speculative Store Bypass or “Variant 4”, this flaw affects a broad swath of modern computing chips. The flaw (CVE-2018-3639) is related to the Spectre and Meltdown chip flaws.

LPE vulnerability in Dell
A local privilege escalation (LPE) vulnerability in SupportAssist has been patched by Dell on all new devices running Windows. The security issue resides in a kernel driver that the tool loads. Hackers can abuse this vulnerability to bypass driver signature enforcement (DSE) ad infinitum. The driver exposes functionality such as the ability to read and write model-specific registers (MSRs).

Comcast website bug
A new bug has been discovered in the Comcast website used to activate Xfinity routers. The flaw allows hackers to access sensitive information and to change Wi-Fi network names and passwords, temporarily locking users out. For now, the option has been removed from the website.

Top Breaches Reported in the Last 24 Hours
Nuance data breach
Nuance recently announced that it was involved in a healthcare data breach that impacted 45,000 patient records. An unidentified third party gained access to one of its medical transcription platforms. Names, dates of birth, medical record numbers, patient numbers, and information dictated by the provider for approximately 900 San Francisco Department of Public Health patients were affected.

CSC data breach
Corporation Service Company (CSC) recently notified its customers that the company had become a victim of a data breach. Hackers gained access to the company’s network and stole customers’ personal information and payment details. The data breach affected 5,000 customers from California. It is unclear whether customers outside California have been affected.


Posted on: May 22, 2018
