Cobalt hackers have adapted to find Microsoft bugs and weaponize them for their campaigns. For instance, they exploited CVE-2017-8759, a .NET Framework vulnerability patched by Microsoft in September 2017. The recent campaign in November 2017 was found to be exploiting a Microsoft Office remote code execution vulnerability tracked as CVE-2017-11882.
In a recent discovery, new variants of the Ursnif malware were found using redirection attacks and malicious TLS callback techniques. The malware spreads through spam emails about an MYOB Supply Order. The email asks users to click on a button to review attached documents.
A new custom Remote Access Trojan (RAT) called UBoatRAT was identified in September 2017. The initial version of the RAT, found in May 2017, was a simple HTTP backdoor. The latest attack targets organizations related to South Korea or the video game industry.
Microsoft has brought relief to its users by releasing an updated version of the Equation Editor patch. The older version worked only with the English and Chinese versions of Office. The new patches, KB 4011604 (Office 2007) and KB 4011618 (Office 2010), work for all languages.
Cisco WebEx vulnerability
A remote code execution vulnerability has been detected in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. The Cisco WebEx players are applications used to play back WebEx meeting recordings that have been recorded by an online meeting attendee.
PowerDNS XSS vulnerability
A few clever scammers are using fake blue screen of death (BSOD) messages and a bogus 'Troubleshooter for Windows' application to dupe victims into paying $25 for security software they don't need. The scammers are attempting to sell a supposed Microsoft security product called 'Windows Defender Essentials'.
Pump and dump scam
The cryptocurrency exchange platform Bittrex is cautioning users about a possible pump and dump scam. The company notified its customers that artificially manipulating the price of Bittrex trading will result in their accounts being banned. Users are advised to conduct their own research and not to believe articles from unauthorized sources while investing.
Fraudsters impersonate UK police
In a new scam, fraudsters in the UK are posing as the police to trick consumers out of their savings under the guise of an undercover investigation. The victim is assured the money will eventually be put back into their account, but the fraudster disappears with the cash.
Posted on: November 30, 2017