
Cyware Daily Threat Intelligence November 10, 2017


Top Malware Reported in the Last 24 Hours
Disdain EK is back
This exploit kit was first discovered in August 2017 and has now resurfaced through malvertising chains. Disdain EK is reported to drop the Neutrino Bot payload, an information-stealing malware. Users are advised to apply security patches regularly.

Ordinypt ransomware
A newly discovered ransomware strain called Ordinypt is currently targeting victims in Germany. Instead of encrypting users' documents, it overwrites files with random data: it creates new files filled with random content and deletes the originals, which makes it a data wiper rather than true ransomware.

TOASTAMIGO malware
A new Android malware named ANDROID_OS TOASTAMIGO was recently discovered. It secretly installs other malware on the affected device via the Toast Overlay attack. To achieve this, the malware poses as a legitimate app locker that is supposed to secure the device's applications with a PIN code.

Top Vulnerabilities Reported in the Last 24 Hours
AVGater vulnerability
A new vulnerability dubbed AVGater works by relocating malware already placed in an AV quarantine folder to a location of the attacker's choice. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then having the restore operation move it into a sensitive directory.

“Eavesdropper” vulnerability
Researchers recently found that dozens of developers have left API credentials hardcoded in hundreds of applications built around the Twilio service. About a third of the affected apps are enterprise related, potentially granting attackers access to highly sensitive financial and business phone calls and SMS alerts.

Top Breaches Reported in the Last 24 Hours
UEA Staff Member loses
The University of East Anglia (UEA) has suffered another data breach this year after an email containing health information about a staff member was accidentally sent to 300 students. The sender had mistakenly used an email distribution list.

Boston Globe
The Boston Globe reported that it endured two consecutive days of cyberattacks by an unknown group or individual. The first attack was followed by another the next day that shut down the site.

Vault 8
WikiLeaks has published the first-ever batch of source code for CIA cyber-weapons. The released source code is a toolkit named Hive, a so-called implant framework: a system that allows CIA operatives to control the malware it deploys on infected computers.


Posted on: November 10, 2017
