Go to listing page

Cyware Daily Threat Intelligence November 08, 2017

Cyware Daily Threat Intelligence November 08, 2017

Share Blog Post

Top Malware Reported in the Last 24 Hours
Marcher banking trojan
The new version of Marcher banking trojan is reported to be infecting about 20,000 users already. The new variant poses three security threats: a phishing campaign, a banking trojan, and credit card theft into a single campaign. It has been targeting the customers of Bank of Austria, while users or Android devices are at risk.

DogHouse ransomware
In a recent discovery, a new ransomware, DogHousePower, has been found to be specifically targeting web servers and database servers running on the Windows Server operating system. Also, it is reported that Python PyInstaller is being utilized for creating the ransomware. As the ransomware targets a known vulnerability – CVE-2017-5638 in Apache Struts 2. Organizations should immediately patch the vulnerability to stay protected.

Lock evolves into Diablo6
The new Locky variant, Diablo6, includes a few tweaks which are making detection of the ransomware more difficult. Mind you, the variant was used in a 2016 cyber attack launched against the Hollywood Presbyterian Medical Center. Users should keep all systems current with the latest security patches and install an antivirus solution.

Top Vulnerabilities Reported in the Last 24 Hours
Linux flaws
In a new revelation, a security researcher discovered 14 security flaws in the Linux kernel USB subsystem, using syzkaller--a kernel fuzzing tool. In addition, the researcher also noted that around 40 vulnerabilities haven't been fixed yet. What’s interesting is that the bugs require physical access is to exploit and potentially hijack a machine or infect it with spyware.

Brother printers vulnerability
The popular printer manufacturer, Brother, found that its products are plagued with a Denial of Service vulnerability. The flaw is related to an embedded https server named Debut that some Brother products use to host their web interfaces. The security hole is tracked as CVE-2017-16249 and it affects version 1.20 and earlier of the Debut software.

Google fixes KRACK and other bugs
Finally, Google has released a fix for the KRACK vulnerability. The update also fixes five other remote code access bugs. Users who don't receive over-the-air updates from their mobile provider or phone vendor can download updated OS images from the Android project's homepage.

Top Breaches Reported in the Last 24 Hours
SAAN breach
The website of Scottish Appropriate Adult Network (SAAN) was breached to leak sensitive information of about 50 people. Among individuals whose identification details were leaked included rape victims and domestic abuse cases. SAAN stated the website will remain down until the bug is fixed.

Ethereum wallets frozen
In another instance of hacking, the Parity developers—the company behind the widely used wallet service Parity—said that a vulnerability in the wallet library contract of the standard multi-sig contract has been found. Currently, no funds can be moved from such wallets. It is estimated that at least 600,000 ETH (worth around $150 million) is frozen.

IPERS account breached
In a recent breach, Iowa's largest public employees' pension fund having hundreds of thousands of dollars in pension payments has been stolen from retirees' accounts. The Iowa Public Employees' Retirement System (IPERS) said that 103 retirees' accounts were compromised in mid-October.


Posted on: November 08, 2017

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.