Cyware Daily Threat Intelligence November 03, 2017

Top Malware Reported in the Last 24 Hours
Zeus Panda Trojan
The banking trojan has been around for about a decade, although in different avatars. It has been found using email as its vector and using ‘web injects’ to induce users of infected PCs to give up their credentials. Typically, it has used fake forms to phish for user credentials. Users should be careful and always confirm the legitimacy of a link before clicking it.

QtBot used to distribute malware
Security researchers have observed that Necurs malspam campaigns are distributing Microsoft Office documents that abuse Microsoft Dynamic Data Exchange (DDE). These documents then download an intermediate downloader, QtBot, which is used as a replacement for malicious VBScripts. The intermediate malware is known to download TrickBot and Locky ransomware.

Top Vulnerabilities Reported in the Last 24 Hours
Savitech USB Audio driver
The driver installation package installs a root CA certificate into the Windows trusted root certificate store. To complete the process, Savitech added the root certificate package for users along with the software bundle. However, the issue is that this process was used on Windows XP and is no longer needed for later operating system versions. This could be misused by hackers to impersonate websites and other services. Users are encouraged to manually remove the certificate.

OpenSSL patches flaws
Two vulnerabilities, of low and medium severity, were discovered using Google’s open source OSS-Fuzz fuzzing service. The two reported vulnerabilities, CVE-2017-3736 (medium severity) and CVE-2017-3735, are fully patched. Users of OpenSSL 1.1.0 should upgrade to 1.1.0g.


