Cyware Daily Threat Intelligence November 26, 2018

Top Malware Reported in the Last 24 Hours

Linux cryptominer
A new Linux cryptominer dubbed Linux.BtcMine.174 was recently discovered. The multicomponent malware is capable of installing another malware called BillGates, which, in turn, is capable of launching DDoS attacks. The malware mines Monero and is also capable of stealing root passwords and disabling antivirus software. It also searches for and deletes any rival cryptominers on the targeted system. The Trojan's main distribution channel is an SSH self-spreading mechanism. It leverages one of two privilege escalation exploits, CVE-2016-5195 (also known as Dirty COW) or CVE-2013-2094, to gain root permissions and obtain complete control of the operating system.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Outlook patches
New patches for Outlook 2010 have been released by Microsoft. The updates address multiple critical vulnerabilities and, more specifically, the 64-bit version of the security update KB 4461529 from Microsoft's November Patch Tuesday, which was causing Outlook 2010 to crash. The recent security update addressed the flaws CVE-2018-8522, CVE-2018-8524, CVE-2018-8576, and CVE-2018-8582. All the bugs addressed were remote code execution vulnerabilities that required user interaction for exploitation. They resulted from Outlook's failure to properly handle objects in memory.

Joomla
Multiple vulnerabilities have been found in Joomla. The bugs could allow attackers to execute cross-site scripting (XSS) and SQL injection attacks. Both the SQL injection vulnerability and the XSS vulnerability exist due to insufficient sanitization of user-supplied data. Successful exploitation of the bugs could allow attackers to read, delete, or modify data in the database and gain complete control over the affected application. An attacker could also steal sensitive information and conduct drive-by-download attacks on targeted systems.

Top Breaches Reported in the Last 24 Hours

FIESP data breach
Brazil has been hit by one of the largest data breaches in the history of the nation. The Federation of Industries of the State of São Paulo (FIESP) has exposed millions of personal data records from three of its databases online. The databases were publicly accessible for several days before they were eventually taken offline. The organization exposed over 34 million personal records, including information such as name, personal ID number (RG number), taxpayer registry identification (CPF), gender, date of birth, full address, email, and phone number. Although FIESP took down the databases, the organization refused to acknowledge the severity of the breach.

Top Scams Reported in the Last 24 Hours

GDPR scam
Several French firms received deceptive letters, some resembling notices from a fictitious public authority and others reproducing the logo of the French data protection authority, the CNIL. Data Protection Officers who have publicly available email addresses received such phishing emails. Officials have been warned to be wary of any emails that purport to be coming from "official" sources. Data Protection Officers are also urged to carefully read the terms and conditions, and verify the nature of the services offered, as well as verify the legitimacy of any websites referred to by the email. 



