Cyware Daily Threat Intelligence November 24, 2017

Scarab ransomware
In a recent discovery, a ransomware strain known as Scarab detected earlier is now being pushed to millions of users via Necurs botnet. Scarab is the fourth ransomware strain Necurs has pushed in 2017, after Locky, Jaff, and GlobeImposter.

In-browser cryptocurrency miner
The in-browser cryptocurrency miner, Coinhive, present in one of the JavaScript files is used by LiveHelpNow. As of now, retail store chains Crucial and Everlast are the most affected. However, the not all visitors get infected by the miner. The script loads randomly. 17-year old Microsoft flaw
A decade and half old vulnerability that affected Windows OS is being exploited in Australia and Japan. The vulnerability is a memory-corruption issue which affects all Microsoft Office released and includes the latest Microsoft Office 365 too. It could be triggered on all versions of the Windows OS.

systemd vulnerability
Researchers have discovered a new flaw in the DNS resolver, named as 'systemd'. It is known to cause a denial-of-service attack on a large number of vulnerable Linux distributions. An attacker can use social engineering or some malware to get a user to visit a domain controlled by the attacker. File-sharing site hacked
File-sharing site Bolt became the latest victim of hackers. According to the website haveibeenpwned[.]com, almost a million of accounts were compromised as a result of this massive hacking incident. Although, no information has been received about the culprits behind the attack.

DDoS attack
In another cyber incident, Danish supermarket chains—Bilka and Fotex—were hit by cyberattacks on the launch of their Black Friday campaigns. Bilk is a popular chain of hypermarkets which is now a part of Dansk Supermarked, that also owns the Fotex.

DSS Breached
The personal data of 8,500 employees at The Department of Social Services (DSS) was breached - and left open - from June 2016 to October 2017. The data covered the years from 2004 to 2015. Fake pop-up coupon offer
Security researchers disclosed a vulnerability in AliExpress[dot]com, a popular online retail service owned by Alibaba. The online shopping portal was found to have an open redirect vulnerability and the retailer has since fixed the vulnerability.

Netflix scam
In another scam, an email appearing to be sent from Netflix is wrongly informing customers of increasing streaming/subscription prices starting from December 22. The email was received by a New Zealand customer from 'info@mailer.netflix.com' address. The email also asks users to click on links or visit the Help Centre for more info.

Gift coupon scams
During the holiday shopping seasons, fraudsters are using coupon scams to steal personal information. The very common platform to carry out such operations is the social media platforms. Scammers impersonate legitimate companies through social media and reach out to people.