
Cyware Daily Threat Intelligence November 27, 2018


Top Malware Reported in the Last 24 Hours

Link between FakeSpy and XLoader
Researchers have discovered a connection between the Android malware families FakeSpy and XLoader. Together, the two malware families have infected over 380,000 victims across the globe, primarily in Japan and South Korea. 126 domains were found hosting both XLoader and FakeSpy for malware delivery. The two malware families were also found to have links to the Chinese hacker group Yanbian Gang, which has previously carried out heists against South Korean banks. Both sets of operators used malware with similar code. The registrants of both families' domains are from China and appear to be based in Jilin province, the current location of the Yanbian Gang members.

Top Vulnerabilities Reported in the Last 24 Hours

Artifex Ghostscript
Multiple vulnerabilities have been discovered in Artifex Ghostscript. The bugs include a stack-based buffer overflow vulnerability, a privilege escalation vulnerability, and a memory corruption vulnerability. If exploited, they could allow remote attackers to bypass intended access restrictions on the targeted system. Patches have been issued addressing the bugs. Users are advised to update to the fixed version, Artifex Ghostscript 9.26, as soon as possible.

Gnuplot
Multiple buffer overflow vulnerabilities were identified in the Gnuplot command-line program. If exploited successfully, the bugs could allow an attacker to trigger buffer overflows on the targeted system. Patches have been released addressing the bugs. Users are advised to update to the fixed version, Gnuplot 5.2 patch level 5, as soon as possible.

Top Breaches Reported in the Last 24 Hours

Suncorp Bank
Suncorp Bank's customers were hit by a data breach. Customers' personally identifiable information (PII) was inadvertently leaked on a public government website and remained publicly available for two months. The leaked data included salary information, dates of birth, addresses, and employment details of some Suncorp customers. The exposed information also contained the insurance status, beneficiary nominations, and superannuation balances of a number of Suncorp members. The data was taken down when Suncorp discovered the breach in November. Suncorp said that the affected customers will get 12 months of free access to a credit monitoring and identity theft protection service. The Office of the Australian Information Commissioner has been notified, and access to the accounts of the affected members is being reviewed.

Top Scams Reported in the Last 24 Hours

TV License Fraud
The UK's national fraud and cyber reporting centre, Action Fraud, is warning the public of a surge in TV licence fraud. Between September and October this year, over 2,500 complaints were sent to Action Fraud reporting the scam. The scam emails claim to come from TV network providers and trick victims into believing that they are due a refund. The emails contain malicious URLs designed to harvest victims' bank account and credit card details, and also prompt users to divulge personal information such as full name, date of birth, address, phone number, mother's maiden name, and bank details.

Posted on: November 27, 2018