Cyware Daily Threat Intelligence November 29, 2017

UBoatRAT variant
Recently, several attacks were carried out using the new variants of UBoatRAT. Specifically, the new variant targeted organizations related to South Korea and video games industry. Here malware is distributed through Google Drive to obtain the C2 address from GitHub.

Ursnif v3 emerges
A new variant of Ursnif has emerged with changes in the code injection mechanism. Ursnif v3 is developed as a redirection attack that targets business and corporate banking customers in Australia. Ursnif v3 is the first iteration of this malware that uses redirection attacks.

OSX.CpuMeaner
A new class of cryptominer trojan has come to light — OSX.CpuMeaner. This trojan is built on an idea similar to OSX.Pwnet’s, but the means and method of propagation is close to that of an adware. It’s mainly present in pirated software and mines Monero cryptocurrency using the victim's hardware. macOS flaw
A fresh security flaw has been discovered by security researchers allows root access to a mac without a root password. This vulnerability was found on macOS 10.13.1. By just entering the username and clicking ok several times would lead the hacker in. Users are advised to change their root password immediately — as a quick fix.

Stack clash vulnerability
A vulnerability traced CVE-2010-2240 — Stack Clash — is known to be a privilege escalation vulnerability. It is found to be affecting Unix-based operating systems. The flaw contains seven exploits and is present in the memory management of several operating systems.

Ghostwriter attacks
A misconfiguration in Amazon S3 bucket is allowing public writes which in turn are enabling third parties to launch man-in-the-middle (MITM) attack. This attack is popularly known as Ghostwriter attack. Generally, the S3 buckets are accessed from within an enterprise network. UK shipping firm attacked
The British shipping service provider Clarkson PLC recently reported that it has been a victim of a cybersecurity hack. The company also raised concerns that the hacker(s) behind the attack might release some of the stolen data shortly.

NSA breach
In a startling discovery, the contents of a highly sensitive hard drive belonging to a division of the NSA have been found to be left online. The virtual disk image contains over 100 GB of data from an Army intelligence project, codenamed ‘Red Disk’. This disk belonged to US Army’s INSCOM division.

DHS employee information risked
A home computer of a DHS employee was found to be storing personal information of around 246,000 Department of Homeland Security employees. The information included names, Social Security numbers, and dates of birth. Affected individuals have been notified and DHS has offered to provide credit monitoring service.