Cyware Daily Threat Intelligence November 28, 2018

Top Malware Reported in the Last 24 Hours

Bladabindi
A new variant of the Bladabindi RAT, also known as njRAT/Njw0rm, has been spotted spreading via removable drives. The RAT carries backdoor capabilities and can also perform keylogging and launch DDoS attacks. The new variant plants a hidden copy of itself on any removable drive it finds and installs a fileless backdoor on the host, and this combination of propagation and in-memory persistence makes detection difficult.

DNSpionage
A new malware campaign targeting private and government entities across the Middle East has been discovered. It delivers a previously unknown malware, dubbed DNSpionage, that can talk to the threat actors over either HTTP or DNS. The campaign has so far targeted Lebanese and UAE government entities as well as a private Lebanese airline. The attackers have carried out five attacks in 2018, one of which was detected earlier in November.

RealTimeSpy
Users of the Exodus cryptocurrency wallet have been targeted by cybercriminals delivering a spyware app dubbed RealTimeSpy onto victims' devices. The malware uses AppleScript to add itself to the user's login items, so it is relaunched at every login. So far, three variants of the spyware have been deployed in six fake apps since 2016.

Top Vulnerabilities Reported in the Last 24 Hours

OpenSSH on SUSE
SUSE has issued a security update for OpenSSH. The flaw lies in sshd's authentication code (auth2-gss.c, auth2-hostbased.c and auth2-pubkey.c): the daemon did not delay its bail-out for an invalid authenticating user until the packet containing the request had been fully parsed, so the difference in behaviour lets a remote client tell valid usernames from invalid ones. SUSE CaaS Platform users are advised to apply the update through the Velum dashboard, which rolls it out across the whole cluster.

xml-security-c
A security flaw has been discovered in xml-security-c, the C++ library that implements the XML Digital Signature (and XML Encryption) specifications. No CVE identifier has been assigned yet, but a patch has already been issued, since the bug has been rated high severity.

Siemens GNU/Linux subsystem
Multiple vulnerabilities have been disclosed in Siemens' GNU/Linux subsystem. They include CVE-2018-17972, which allows a local attacker to cause a denial-of-service condition, and CVE-2018-17182, which could allow attackers to cause a DoS condition or execute arbitrary code. Patches are not yet available; in the meantime, users are advised to run only applications from trusted sources.

Top Breaches Reported in the Last 24 Hours

Healthcare breach
The East Ohio Regional Hospital (EORH) and Ohio Valley Medical Center (OVMC) suffered a ransomware attack that forced both organizations to take systems offline and temporarily stop accepting ER patients. The attack disrupted the hospitals' networks, and both institutions voluntarily initiated a period of EHR downtime while services were affected.

Urban Massage
London-based massage startup Urban Massage inadvertently exposed its entire customer database. The database ran on Elasticsearch and was left reachable from the internet without any password protection. It contained over 351,000 booking records and over 2,000 records on Urban Massage's employees, including their names, email addresses and phone numbers. Fortunately, it held no financial information. The firm took the database offline when it discovered the exposure.
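As an added illustration (this is not part of Cyware's report and not Urban Massage's code), the following Python script performs the check a practitioner would run on an Elasticsearch endpoint suspected of being exposed the way the one above was: it fetches the node's root document, decides whether the instance answers without credentials, and, if it does, lists the non-system indices and their document counts, which is exactly how a leak finder sizes up what is exposed. The host, port, index names and sample responses are assumptions constructed for the example; only run it against systems you are authorized to test.

```python
"""Probe an Elasticsearch endpoint for unauthenticated access.

Added example, not code from Cyware or Urban Massage. The default target,
the index names and the sample responses used in testing are assumptions.
"""
import json
import urllib.error
import urllib.request


def classify_es_response(status, body):
    """Classify the reply to an unauthenticated GET / as one of:
    'open'          - answered 200 with a genuine Elasticsearch root document
    'auth-required' - 401/403, so security is enforced
    'not-es'        - something answered, but not an Elasticsearch node
    """
    if status in (401, 403):
        return "auth-required"
    if status != 200:
        return "not-es"
    try:
        info = json.loads(body)
    except ValueError:
        return "not-es"
    # A real Elasticsearch root document always carries cluster_name and version.number
    if isinstance(info, dict) and "cluster_name" in info \
            and isinstance(info.get("version"), dict) and "number" in info["version"]:
        return "open"
    return "not-es"


def summarize_indices(cat_indices_body):
    """Parse GET /_cat/indices?format=json into (index, doc_count) pairs,
    largest first. Dot-prefixed system indices (e.g. .kibana) are skipped
    because they are not customer data."""
    rows = json.loads(cat_indices_body)
    out = []
    for row in rows:
        name = row.get("index", "")
        if not name or name.startswith("."):
            continue
        try:
            docs = int(row.get("docs.count") or 0)   # the _cat API returns counts as strings
        except ValueError:
            docs = 0
        out.append((name, docs))
    out.sort(key=lambda r: r[1], reverse=True)
    return out


def _get(url, timeout=5):
    """Unauthenticated GET returning (status, body); network failure gives (None, '')."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:          # 4xx/5xx still carry a useful status
        return e.code, e.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def probe(base_url):
    """Return (verdict, indices) for one endpoint such as http://host:9200."""
    base = base_url.rstrip("/")
    status, body = _get(base + "/")
    if status is None:
        return "unreachable", []
    verdict = classify_es_response(status, body)
    if verdict != "open":
        return verdict, []
    status, body = _get(base + "/_cat/indices?format=json")
    if status != 200:
        return verdict, []
    return verdict, summarize_indices(body)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:9200"  # assumed target
    verdict, indices = probe(target)
    print(target, verdict)
    for name, docs in indices:
        print(f"  {name}: {docs} docs")
```

A verdict of "open" on an internet-facing address is the condition described in the breach above; the fix is to bind Elasticsearch to a private interface and enable authentication, not merely to hide the port.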

Top Scams Reported in the Last 24 Hours

BEC scams
A new BEC scam campaign that uses the recent California wildfire tragedy as a lure has been discovered by security researchers. The campaign targets corporate employees with emails purporting to come from the CEO of the victim's own organization. Victims are tricked into purchasing gift cards that carry a redemption code, and are then prompted to contact the attackers to "verify" the validity of the cards. Presumably, once the victim makes contact, he or she is tricked into divulging additional personal information as well.
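To show what a detection rule for this kind of lure looks like, here is an added Python example (not Cyware's code and not from the researchers who found the campaign). It checks one raw message for the traits the description above combines: an executive's display name on a sender address outside the company, a Reply-To that points somewhere other than the sender's domain, and gift-card, charity or urgency wording in the body. The company domain, the executive roster, the keyword lists and the sample message are constructed assumptions, so tune them to your own environment.

```python
"""Heuristic flags for gift-card BEC lures of the kind described above.

Added example, not Cyware's code. ORG_DOMAINS, EXECUTIVES, the regexes
and SAMPLE are constructed assumptions for illustration.
"""
import email
import email.utils
import re
from email import policy

ORG_DOMAINS = {"example-corp.com"}   # assumption: the company's own mail domains
EXECUTIVES = {"jane doe"}            # assumption: display names scammers impersonate (lower-cased)

GIFT_CARD_RE = re.compile(r"\b(gift ?cards?|itunes|google play|amazon cards?)\b", re.I)
URGENCY_RE = re.compile(r"\b(urgent|asap|right away|wildfire|relief|donat\w*|confidential)\b", re.I)
CODE_REQUEST_RE = re.compile(r"\b(scratch|code|pin|back of the card|photo)\b", re.I)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_flags(raw_message):
    """Return the set of heuristic flags that fire for one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = set()

    display, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    # Executive display name, but the mailbox is not one of ours
    if display.strip().lower() in EXECUTIVES and from_domain not in ORG_DOMAINS:
        flags.add("exec-name-external-sender")
    # Replies are steered to a different domain than the one that sent the mail
    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        flags.add("reply-to-mismatch")

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if GIFT_CARD_RE.search(text):
        flags.add("gift-card-request")
    if URGENCY_RE.search(text):
        flags.add("urgency-or-charity-lure")
    # Asking for the codes is the monetization step; only meaningful alongside a card request
    if "gift-card-request" in flags and CODE_REQUEST_RE.search(text):
        flags.add("asks-for-card-codes")
    return flags


def is_likely_bec(raw_message):
    """Sender impersonation plus a gift-card ask is the minimum to raise an alert."""
    f = bec_flags(raw_message)
    impersonation = "exec-name-external-sender" in f or "reply-to-mismatch" in f
    return impersonation and "gift-card-request" in f


# Constructed sample lure modelled on the campaign described above (not a real message)
SAMPLE = """From: Jane Doe <jane.doe.ceo@gmail.example>
Reply-To: Jane Doe <ceo-office@mail.example>
To: accounts@example-corp.com
Subject: Quick favour - wildfire relief

I'm in meetings all day. Can you pick up 5 Amazon gift cards ($200 each) for
the California wildfire relief effort? Scratch the back of the card and send
me a photo of the code. Keep this confidential for now.

Jane
"""

if __name__ == "__main__":
    print(sorted(bec_flags(SAMPLE)), is_likely_bec(SAMPLE))
```

The display-name check is the one that matters most: the scam never needs to spoof the company's domain, only to put the executive's name in front of a throwaway mailbox, so a rule keyed on the From domain alone misses it.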
