Cyware Daily Threat Intelligence May 23, 2018

Top Malware Reported in the Last 24 Hours
Malware distributed via SYLK files
Security researchers have spotted a new technique used by hackers to spread malware. Cyber criminals are using emails containing malicious .slk files to lure potential victims. Since these files are simple text files, victims do not find the emails suspicious and open them. The emails then ask victims to update dynamic content in order to execute malicious code.

Brain Food botnet
A malicious PHP script has been found on more than 5,000 websites, redirecting users to web pages hosting diet and intelligence-boosting pills. The PHP script is a part of the Brain Food botnet. The botnet uses malicious URLs to trick victims into downloading the script.

Mac Cryptominer
A Mac cryptominer using XMRig has been found mining Monero cryptocurrency. Hackers were found using the ‘mshelper’ process to consume CPU power. Investigations show that the malware isn't sophisticated and can be easily removed from the system.

Top Vulnerabilities Reported in the Last 24 Hours
Multiple vulnerabilities in D-Link DIR-620 router
Several security flaws have been discovered in D-Link DIR-620 firmware which runs on various D-Link routers. Exploiting these will allow a hacker to run arbitrary JavaScript code in the user environment and run arbitrary commands in the router’s operating system (OS). Since the router is no longer supported, vulnerabilities will be patched on ISP request.

Patches issued by VMware
VMware has issued patches to mitigate denial-of-service (DoS) and privilege escalation vulnerabilities for its Fusion and Workstation products. Fusion 10.x on macOS and Workstation 14.x are currently affected by the flaws. Fusion 10.x users are urged to update to VMware Fusion 10.1.2, and Workstation 14.x users are advised to patch to Workstation 14.1.2.

Flaws in BMW's In-Car systems
Fourteen flaws were detected in BMW's in-car systems that can affect models like BMW i-Series, BMW X Series, BMW 3, BMW 5 and BMW 7. Some of the flaws can be exploited to compromise vehicle functions. BMW has fixed these flaws using online reconfiguration and offline firmware update.

Top Breaches Reported in the Last 24 Hours
Verge blockchain flaw exploited
Hackers have once again exploited the Verge cryptocurrency to steal around 35 million XVG. Cyber criminals exploited several flaws in the XVG code by mining blocks with a spoofed timestamp. As of now, Verge has attributed this attack to a DDoS against some XVG mining pools.

211 LA County data leak
Around 3.2 million records have been exposed by 211 LA County, a non-profit organization for health, human, and social services. Exposed information includes full names, phone numbers, and addresses of many victims, alleged perpetrators and witnesses in numerous cases of physical and sexual abuse. The leak occurred due to an unsecured AWS S3 bucket.

Physicians hit by SamSam ransomware
Indiana-based Allied Physicians of Michiana were hit by the SamSam ransomware. Officials were able to contain the breach successfully. What information was exposed hasn't been confirmed yet. SamSam hackers have impacted at least eight separate healthcare and government businesses so far this year.


