Cyware Daily Threat Intelligence November 10, 2017

Top Malware Reported in the Last 24 Hours
Disdain EK is back
This exploit kit was first discovered in August 2017 and has now resurfaced through malvertising chains. Disdain EK is reported to download the Neutrino Bot payload, an information-stealing malware. Users are advised to apply security patches regularly.

Ordinypt ransomware
A newly discovered ransomware strain called Ordinypt is currently targeting victims in Germany, but instead of encrypting users' documents, it overwrites files with random data. It is in effect a data wiper: it creates random files and deletes the originals, so the data cannot be recovered even if a ransom is paid.

ANDROID_OS TOASTAMIGO
A new malware named ANDROID_OS TOASTAMIGO was recently discovered. It secretly installs other malware on the affected device via the Toast Overlay attack. To achieve this, the malware poses as a legitimate app locker that is supposed to secure the device's applications with a PIN code.

Top Vulnerabilities Reported in the Last 24 Hours
AVGater
A new vulnerability dubbed AVGater works by relocating malware already placed in an AV quarantine folder to a location of the attacker's choice. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then having the AV restore it into a sensitive directory.

“Eavesdropper” vulnerability
In a recent discovery, tens of developers have left API credentials embedded in hundreds of applications built around the Twilio service. About a third of all affected apps are enterprise related, potentially granting attackers access to sensitive financial and business phone calls and SMS alerts.
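The defensive check for the Eavesdropper issue is to scan application source and configuration for embedded Twilio credentials before release, and to rotate and move any that are found to a server-side component. The following Python scanner is an added example, not code from the original post or from Twilio; the sample files and credential values are constructed, and the credential formats it matches (Account SIDs as "AC" followed by 32 hex characters, auth tokens as 32 hex characters) are an assumption about Twilio's documented format rather than something stated on the page.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample files standing in for an app's source tree.
# Both credential values below are fabricated for this example.
SAMPLE_FILES: Dict[str, str] = {
    "app/config/twilio.json": """
{
  "twilio_account_sid": "AC0123456789abcdef0123456789abcdef",
  "twilio_auth_token": "0123456789abcdef0123456789abcdef",
  "from_number": "+15005550006"
}
""",
    "app/src/Api.java": """
public class Api {
    // Calls a server-side proxy; no secret embedded in the client.
    private static final String BASE_URL = "https://api.example.internal/sms";
}
""",
}

# Assumed formats (assumption, not stated on the page):
# Account SID = "AC" + 32 hex chars; auth token = 32 hex chars, usually
# sitting next to a key named like "auth_token" / "authToken" / "AUTH-TOKEN".
ACCOUNT_SID_RE = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
AUTH_TOKEN_RE = re.compile(r"""(?i)(auth[_-]?token)["'\s:=]+([0-9a-f]{32})\b""")


def redact(value: str) -> str:
    """Keep only a prefix and suffix so findings can be reported without
    re-leaking the secret into logs or tickets."""
    return value[:4] + "..." + value[-4:]


def find_embedded_twilio_credentials(files: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Scan a {path: contents} mapping and return (path, kind, redacted_value)
    for every suspected Twilio credential found in the contents."""
    hits: List[Tuple[str, str, str]] = []
    for path, text in files.items():
        for m in ACCOUNT_SID_RE.finditer(text):
            hits.append((path, "account_sid", redact(m.group(0))))
        for m in AUTH_TOKEN_RE.finditer(text):
            hits.append((path, "auth_token", redact(m.group(2))))
    return hits


def is_release_safe(files: Dict[str, str]) -> bool:
    """Gate for a build pipeline: True only when no credential is embedded."""
    return not find_embedded_twilio_credentials(files)


if __name__ == "__main__":
    for path, kind, value in find_embedded_twilio_credentials(SAMPLE_FILES):
        print(f"{path}: embedded {kind} {value}")
    print("release safe:", is_release_safe(SAMPLE_FILES))
```

A finding of an auth token alongside an Account SID means the token should be treated as compromised and rotated, and the app changed to call a backend that holds the credential, since anything shipped inside a mobile or desktop binary can be read out by whoever has a copy of it.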

Top Breaches Reported in the Last 24 Hours
UEA Staff Member loses
The University of East Anglia (UEA) has suffered another data breach this year after an email containing health information about a staff member was accidentally sent to 300 students. This happened because the sender unintentionally used an email distribution list.

Boston Globe
The Boston Globe recently reported that it endured two consecutive days of cyberattacks by an unknown group or individual. The first attack was followed by another the next day that shut down the site.

Vault 8
WikiLeaks has published the first-ever batch of source code for CIA cyber-weapons. The released source code is for a toolkit named Hive, a so-called implant framework: a system that lets CIA operatives control the malware it deploys on infected computers.
