Share Blog post
A previously unknown info stealer has made quite a climb since the past few months. The malware named FormBook has been sold on an infamous underground hacking forum as a PHP control panel. The malware may be simple and lack extension or plugin systems, but targets poor security patches. Users are advised to patch their systems immediately.
Recently, an attack on Office 365 Exchange Online email accounts was discovered. The campaign is called KnockKnock and is targeted toward organizations in manufacturing, financial services, healthcare and public sectors. The hackers targeted automated corporate email accounts. Those accounts lack human interference and therefore have various security concerns.
Cybercriminals are using VMware binary to spread banking Trojans against the Brazilian financial sector. Hackers are sending phishing emails containing malicious URLs that redirect users to goo[.]gl URL shortener. The link sends them to a RAR library that contains a JAR file, clicking which triggers the Java process and installs the Trojan.
Over past couple of months, security researchers have discovered eight bugs in SAP products that had the potential of taking down the SAP servers entirely. Imagine losing the most sensitive data of your enterprise that could include customer behavior, pricing, financial forecasting and business forecasting that SAP systems usually host.
Apache Tomcat fixes
Apache Tomcat versions before 9.0.1 (Beta), 8.5.23, 8.0.47 and 7.0.82 contain a potentially dangerous remote code execution (RCE) vulnerability on all operating systems. The flaw, tracked as CVE-2017-12617, was classified as an important severity. Users are advised to update their Apache Tomcat with the latest releases.
CVE-2017-14596 is an LDAP injection vulnerability in Joomla!, that allows an attacker to steal login credentials from Joomla! installations. The affected versions are Joomla! version 1.5 <= 3.7.5, and vulnerability is exposed when Joomla! is configured to use LDAP for authentication.
White House chief of staff John Kelly’s personal phone was most likely compromised, possibly for months. The suspected breach was discovered by the White House IT team when the phone was taken to them. This has raised concerns that hackers might have access to the data present on Kelly’s phone. However, it is unknown whether any data has been accessed or not.
Arkansas Oral and Facial Surgery Center
An investigation revealed that ransomware was installed on the systems of Arkansas Oral & Facial Surgery Center. The attack not only locked up patient records but also might have exposed their patients' personal information. It is believed that the motive behind the incident was extortion and not patient information theft.
Posted on: October 06, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...