Cyware Daily Threat Intelligence October 09, 2017

Kovter malware
Cybercriminals have devised a new malvertising campaign that is used to deliver the Kovter malware, through malicious ads on PornHub site. The crooks are abusing the ad networks to published maligned ads to infect the systems of the visitors. Thus, users are advised to be careful and shouldn’t click on suspicious pop-up ads.

FreeMilk campaign
A new spear-phishing campaign known as “FreeMilk” has been discovered by security researchers. The hackers have used it to intercept ongoing email conversations between individual and later hijack the communication to deploy malware. The attack leverages a remote code execution flaw.

FormBook malware
FormBook malware is a self-extracting RAR file that starts an AutoIt loader which runs an AutoIt script. The script decrypts the FormBook payload file, loads it into memory, and then executes it. The distribution campaign is targeting Aerospace Defense Contractor and manufacturing sectors within the US and South Korea. Apple bugs patched
The first High Sierra release patched several vulnerabilities, though it apparently missed the two that have now been fixed in the supplemental update. Apple released an update for macOS High Sierra patching two critical vulnerabilities. The two critical bugs that affected Disk Utility and macOS keychain are now fixed and users can now breathe a sigh of relief.

Google patches
Google security engineers have identified and patched seven serious flaws in Dnsmasq, a fairly widely used DNS forwarder and DHCP server. Dnsmasq, the open-source program, is present in a lot of home routers and certain Internet of Things gadgets, and is included in desktop Linux distributions such as Ubuntu and Debian.

Siemens vulnerabilities
The flaws are caused due to improper access controls in the Ruggedcom Discovery Protocol (RCDP) that is used by Siemens Ruggedcom ROS-based devices and Siemens Scalance X switch models. An attacker can exploit this vulnerability only when he is on the same collision or broadcast domain as the targeted system. Far Eastern Central Bank hacked
One of the local Taiwanese banks, Far Eastern Central Bank, has lost funds caused due to the cyberattack. The losses have been said to be up to the tune of US $500,000. Earlier the bank reported to the Financial Supervisory Commission (FSC) that its computer system had been infected with malware, which affected some of its PCs and servers as well as the Society for Worldwide Interbank Financial Telecommunication's (SWIFT) network.

Dominos’ customer info leaked
The American pizza chain, Domino’s, has apparently admitted that its customers' information may have been stolen after receiving complaints about spam emails. Customers received emails from someone claiming to be "Sarah" asking for details about there whereabouts. It is speculated by experts that the leaked information could include customer email addresses, names and store suburbs, related to pizza orders, being accessed as a result.