A HiddenTear-based ransomware has been found spreading as a fake PDF cracker. Once installed, it starts its encryption routine: files are encrypted with AES and the .cryp70n1c extension is appended to each targeted file.
This ransomware encrypts data held in cloud storage using AES/RSA encryption keys. After encryption a '.locked' extension is appended to each file name, and a _READ_ME_FOR_DECRYPT[.]txt file is dropped onto the system asking the victim to pay 0.4 BTC for file decryption.
This file-encoder trojan was discovered some time ago. The threat is a variant of the Ordinal ransomware, and its operator continues to use the HiddenTear ransomware builder to deploy new versions of the product.
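The two families above leave the same kind of trail: a renamed extension (.cryp70n1c or .locked) and a dropped note (the defanged _READ_ME_FOR_DECRYPT[.]txt, i.e. _READ_ME_FOR_DECRYPT.txt on disk). The triage script below is an added example written for this briefing, not code from the original post or from any of the malware authors: it walks a directory tree, flags those indicators, and uses byte entropy to separate real AES ciphertext from files that were merely renamed. The 7.5 bits/byte threshold, the file names and the sample tree built by build_sample_tree() are assumptions constructed for the demo.

```python
"""Triage helper for the ransomware families above: locate files renamed with
the .cryp70n1c or .locked extension and the _READ_ME_FOR_DECRYPT.txt note,
and use byte entropy to tell real ciphertext from files that were only
renamed. Indicator values come from the briefing; the directory layout built
by build_sample_tree() is constructed for the demo, not real malware output."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Indicators stated in the briefing above. Extend as new variants appear.
RANSOM_EXTENSIONS = {".cryp70n1c", ".locked"}
RANSOM_NOTES = {"_READ_ME_FOR_DECRYPT.txt"}
# AES output is indistinguishable from random bytes, so its entropy sits near
# 8 bits/byte. 7.5 is an assumed threshold; already-compressed formats (zip,
# jpeg, docx) also score high, so the extension match stays the primary signal.
HIGH_ENTROPY = 7.5
SAMPLE_BYTES = 65536  # enough of the head of a file to judge it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path) -> Optional[dict]:
    """Return a finding for a ransom note or a renamed file, else None."""
    if path.name in RANSOM_NOTES:
        return {"name": path.name, "path": str(path), "kind": "ransom_note"}
    if path.suffix.lower() in RANSOM_EXTENSIONS:
        with path.open("rb") as fh:
            entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
        return {
            "name": path.name,
            "path": str(path),
            "kind": "renamed_file",
            "entropy": round(entropy, 2),
            "looks_encrypted": entropy >= HIGH_ENTROPY,
        }
    return None


def triage(root: str) -> list:
    """Walk a tree and collect findings, sorted by path for stable reports."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in filenames:
            hit = classify(Path(dirpath) / filename)
            if hit is not None:
                findings.append(hit)
    return sorted(findings, key=lambda h: h["path"])


def build_sample_tree() -> str:
    """Create a constructed sample tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="ransom_triage_")
    docs = Path(root) / "docs"
    docs.mkdir()
    # Random bytes stand in for AES ciphertext: high entropy, renamed.
    (docs / "report.docx.cryp70n1c").write_bytes(os.urandom(4096))
    # Renamed but still plaintext: the extension matches, the entropy does not.
    (docs / "notes.txt.locked").write_bytes(b"meeting notes, quarter 3\n" * 200)
    (docs / "_READ_ME_FOR_DECRYPT.txt").write_text("Pay 0.4 BTC to decrypt.\n")
    # Untouched file: produces no finding.
    (docs / "untouched.txt").write_text("nothing happened here\n")
    return root


if __name__ == "__main__":
    for finding in triage(build_sample_tree()):
        print(finding)
```

Run it against a real share by calling triage() on the mount point instead of the sample tree. A renamed file with low entropy is worth a second look: HiddenTear builds have shipped with broken encryption routines, and a "locked" file that is still plaintext may simply be recoverable by removing the extension.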
Soon after the social network rolled out a new polling feature that includes images and GIF animations, a security researcher found a way to delete ‘any’ photo on Facebook. A temporary fix was issued on the same day the vulnerability was reported, and the complete patch has since been deployed.
ZyXEL PK5001Z router flaw
Activity from Mirai-based IoT botnets has increased since proof-of-concept (PoC) exploit code was published in a public vulnerabilities database. The PoC targets a vulnerability in ZyXEL PK5001Z routers: a hidden su (super-user) password on the affected devices that elevates a logged-in user's access to root level. Because that password is built into the firmware rather than set by the owner, it cannot be changed from the device's settings; until a firmware fix is applied, keeping the router's remote management interfaces off the WAN side is the practical mitigation.
Exim mail server vulnerability
A vulnerability in the Exim mail server allows a remote, unauthenticated attacker to cause a denial of service against the server. It exists because the "." character that terminates an e-mail message is checked incorrectly when a BDAT data header is parsed.
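BDAT is only usable when the server advertises the CHUNKING extension in its EHLO reply, and Exim's main configuration can stop advertising it by leaving `chunking_advertise_hosts =` empty, which closes this path until the server is upgraded. The checker below is an added example written for this briefing, not code from the original post or from the Exim project: it parses an EHLO reply for extension keywords, can run the same check live over a socket, and ships with two constructed sample replies (the hostnames and addresses are placeholders).

```python
"""Check whether an SMTP server advertises CHUNKING, i.e. accepts BDAT.
The Exim flaw above is reached through BDAT, so a server that no longer
advertises CHUNKING (Exim main config: `chunking_advertise_hosts =`, left
empty) has closed that path until it is upgraded. The EHLO replies below are
constructed samples; the hostnames are placeholders."""
import socket
from typing import Optional

# Constructed EHLO reply from a server that still advertises CHUNKING.
SAMPLE_CHUNKING_ON = (
    "250-mx.example.test Hello probe.example [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-PIPELINING\r\n"
    "250-CHUNKING\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
# Same server after CHUNKING advertisement was disabled.
SAMPLE_CHUNKING_OFF = SAMPLE_CHUNKING_ON.replace("250-CHUNKING\r\n", "")


def parse_ehlo_extensions(reply: str) -> set:
    """Extract extension keywords from a (possibly multi-line) EHLO reply.

    Per RFC 5321 the first 250 line carries the server's domain and free text,
    each following line one keyword plus optional parameters; the last line
    uses '250 ' instead of '250-'. Any non-250 code means EHLO was refused.
    """
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for index, line in enumerate(lines):
        if len(line) < 3 or not line[:3].isdigit():
            continue  # junk line, ignore
        if line[:3] != "250":
            return set()
        if index == 0:
            continue  # greeting line, not an extension
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def advertises_chunking(reply: str) -> bool:
    """True when the reply lists CHUNKING, so the server will accept BDAT."""
    return "CHUNKING" in parse_ehlo_extensions(reply)


def _read_reply(stream) -> str:
    """Read one SMTP reply; the final line has a space after the 3-digit code."""
    collected = []
    while True:
        raw = stream.readline()
        if not raw:
            break
        line = raw.decode("ascii", "replace")
        collected.append(line)
        if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
            break
    return "".join(collected)


def check_server(host: str, port: int = 25, timeout: float = 5.0) -> Optional[bool]:
    """Live check: True/False for CHUNKING advertised or not, None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stream = sock.makefile("rb")
            _read_reply(stream)  # 220 banner, possibly multi-line
            sock.sendall(b"EHLO probe.example\r\n")
            reply = _read_reply(stream)
            sock.sendall(b"QUIT\r\n")
            return advertises_chunking(reply)
    except OSError:
        return None


if __name__ == "__main__":
    print("sample (chunking on):", advertises_chunking(SAMPLE_CHUNKING_ON))
    print("sample (chunking off):", advertises_chunking(SAMPLE_CHUNKING_OFF))
```

A server that no longer advertises CHUNKING has removed the BDAT path, but that is a workaround, not proof that the installed binary is fixed; confirm the running version on the host itself (`exim -bV`) and upgrade.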
Users are being warned that DNA testing kits can expose personal information: the sensitive data users enter in the accompanying apps can be sold or used for commercial purposes. AncestryDNA, one such DNA testing service, has fine print informing users that it reserves the right to communicate genetic information for the purpose of providing products and services.
False health information
Russian cyber units are reportedly spreading false health information about flu and measles jabs in the UK in order to destabilise the nation. The state-sponsored threat actors are using social media as their weapon for spreading distrust and lies.
Posted on: November 27, 2017