Security researchers recently discovered a malware campaign that infected hundreds of Windows web servers with a malicious cryptocurrency miner. The attackers exploited a known buffer overflow vulnerability in Microsoft IIS 6.0. Newer versions of Microsoft Internet Information Services are safe from this malware. Patching the vulnerable servers is the obvious mitigation here.
HerbaLife spam campaign
The hackers are using a new variant of Locky ransomware with a single identifier to track the infections. Within a few days they have sent more than 20 million HerbaLife-branded emails carrying malicious attachments. The spam messages come from a spoofed domain, disguised as a legitimate one.
VMware banking Trojan
A banking Trojan has been found being distributed with the help of a legitimate VMware binary. The spam campaign exploits the binary to trick security programs into allowing malicious binaries to load into the system. Java code is used to execute a legitimate binary from VMware. Using it, hackers trick security software into loading libraries containing malicious files.
R6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, was hit by hackers over the weekend. An automatic bot accessed their server, cleared the database, and left a ransom note behind. The database seems to be a PostgreSQL instance.
Graton Resort info leaked
Graton Resort and Casino, a Sonoma County-based casino, announced on September 2, 2017, that it had inadvertently released personally identifiable data of its customers. The details were leaked in February and August, when emails were sent out with attachments containing this sensitive data.
Netflix users are being targeted with a new phishing email that aims to get hold of their sensitive information: an account update email, purportedly from Netflix, inviting them to click on the “Login” button to update their billing information. Users should visit the Netflix site and log in to check their account status.
Microsoft phishing email
Users were being tricked into clicking on phishing emails that supposedly came from Microsoft. The mail appears to be an account suspension or account renewal notice. It looks realistic but has some red flags that you must watch out for. Don’t click on the link without verifying the sender address.
Posted on: October 03, 2017