Cyware Daily Threat Intelligence May 31, 2018

Top Malware Reported in the Last 24 Hours
Nocturnal Stealer
A new data-stealing malware dubbed Nocturnal Stealer has been found targeting multiple Chromium- and Firefox-based browsers. It is also capable of stealing cryptocurrency wallets and FTP passwords saved in FileZilla. The stealer is dropped by an unknown loader that contains three files, one of them being the information-stealing Trojan.

A bug found in Jira 
Researchers found a bug in Jira deployments that exposes the private server keys of several companies. Attackers can leverage the bug to gain a foothold in the networks, perform cross-site scripting (XSS) attacks, and steal data. While several companies have applied security updates, others have pulled the vulnerable Jira server offline.

Double Kill exploit
Researchers have observed widespread attacks using the Double Kill exploit, which has been incorporated into the RIG Exploit Kit and ThreadKit crimeware packages. The attackers are using the exploit to target all versions of Windows. If successfully exploited, it can enable hackers to execute code, gain read/write access, and hijack execution flows.

Top Vulnerabilities Reported in the Last 24 Hours
JScript component vulnerability
A zero-day vulnerability in the JScript component of the Windows operating system has been discovered by a researcher. The flaw could be exploited by attackers to execute arbitrary code on a target computer. A malicious webpage or JS file is used to initiate the exploitation, so users should stay vigilant and update their systems as soon as a fix is released.

Chrome browser updated
Chrome version 67.0.3396.62 patches 34 bugs, including a mitigation for the infamous Spectre vulnerability. The updated version also adds support for the credential management API called WebAuthn. The other critical fixes include patches for two vulnerabilities in Blink (CVE-2018-6123 and CVE-2018-6124), an iOS-specific universal cross-site scripting vulnerability (CVE-2018-6128), two WebRTC bugs (CVE-2018-6129 and CVE-2018-6130), and a WebAssembly mutability protection error (CVE-2018-6131).

Top Breaches Reported in the Last 24 Hours
SpamCannibal hijacked
SpamCannibal, a defunct service that issued blacklists of known spam servers, was hijacked on Wednesday morning. Security researchers confirmed that hackers changed the website's DNS server settings overnight in order to deliver malware and to alter the results of queries to the blacklist service. This was possible due to the expiry of the SpamCannibal domain. However, it looks like the original operators have managed to regain control of the domain.

Universal Music Group hacked
The Universal Music Group's IT infrastructure has suffered a potential data breach due to an error by an IT contractor. The leak occurred when a third-party contractor deployed an Apache Airflow server without securing it with a password. This resulted in the exposure of FTP credentials, AWS configuration details, SQL passwords, and internal source code for Universal's IT network.




