Share Blog post
In a recent discovery, a ransomware strain known as Scarab detected earlier is now being pushed to millions of users via Necurs botnet. Scarab is the fourth ransomware strain Necurs has pushed in 2017, after Locky, Jaff, and GlobeImposter.
In-browser cryptocurrency miner
A decade and half old vulnerability that affected Windows OS is being exploited in Australia and Japan. The vulnerability is a memory-corruption issue which affects all Microsoft Office released and includes the latest Microsoft Office 365 too. It could be triggered on all versions of the Windows OS.
Researchers have discovered a new flaw in the DNS resolver, named as 'systemd'. It is known to cause a denial-of-service attack on a large number of vulnerable Linux distributions. An attacker can use social engineering or some malware to get a user to visit a domain controlled by the attacker.
File-sharing site Bolt became the latest victim of hackers. According to the website haveibeenpwned[.]com, almost a million of accounts were compromised as a result of this massive hacking incident. Although, no information has been received about the culprits behind the attack.
In another cyber incident, Danish supermarket chains—Bilka and Fotex—were hit by cyberattacks on the launch of their Black Friday campaigns. Bilk is a popular chain of hypermarkets which is now a part of Dansk Supermarked, that also owns the Fotex.
The personal data of 8,500 employees at The Department of Social Services (DSS) was breached - and left open - from June 2016 to October 2017. The data covered the years from 2004 to 2015.
Security researchers disclosed a vulnerability in AliExpress[dot]com, a popular online retail service owned by Alibaba. The online shopping portal was found to have an open redirect vulnerability and the retailer has since fixed the vulnerability.
In another scam, an email appearing to be sent from Netflix is wrongly informing customers of increasing streaming/subscription prices starting from December 22. The email was received by a New Zealand customer from 'email@example.com' address. The email also asks users to click on links or visit the Help Centre for more info.
Gift coupon scams
During the holiday shopping seasons, fraudsters are using coupon scams to steal personal information. The very common platform to carry out such operations is the social media platforms. Scammers impersonate legitimate companies through social media and reach out to people.
Posted on: November 24, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.