Cyware Daily Threat Intelligence October 12, 2017

Top Malware Reported in the Last 24 Hours
Stealth Microsoft attack
Hackers are using an alternative method to inject a malicious code that leverages existing Office feature, Microsoft Dynamic Data Exchange (DDE) allows an Office application to load data from other office applications. DDE allows a Word file to update a table by pulling data from another Office application, say an Excel file, every time the Word file is opened.

Kovter malware
A malvertising group nicknamed KovCoreG has been using the fake browser and Flash updates to trick users into installing the Kovter malware. Attackers used malicious ads on PornHub to redirect users to a scam site that was advertising an urgent update.

New BTCware variant
Recently, security experts have discovered a new variant of BTCware ransomware. The new Payday ransomware variant targets a victim and appends the.[email]-id-id.payday extension to encrypted files.This ransomware family targets victims by hacking into poorly protected remote desktop services and manually installing the ransomware.

Top Vulnerabilities Reported in the Last 24 Hours
RCE vulnerability
This critical vulnerability was exploited by Freemilk malware to infect Windows product. It allows remote attackers to execute arbitrary code via a crafted document. This vulnerability was exploited via spam email-based attacks where adversaries bait users to open a malicious document attached to the message.

Simple DirectMedia Layer flaw
In Simple DirectMedia Layer (SDL), two high severity remote code execution vulnerabilities were recently discovered. SDL is affected by memory corruption vulnerabilities that can be exploited remotely to execute arbitrary code on the host.

RubyGem vulnerability
RubyGems, a package manager for Ruby libraries and programs, announced that it had patched a critical vulnerability. It had discovered an unsafe object deserialization vulnerability that can be used by an attacker to escalate to a remote code execution exploit.

Top Breaches Reported in the Last 24 Hours
Equifax hacked again
Equifax, the credit rating reporting agency that exposed personal data of nearly 150 million people, appears to have been hacked again. Some pages of Equifax's website redirected to a site offering a fake, malware-bearing Flash update, as noticed by a security researcher.

European banks robbed
In a recent incident, cybercriminals stole up to $10 million each from several Eastern European and Russian banks. Banks in Europe, North America, Asia and Australia are advised to be on the lookout for this attack. The crime gang used limited malware forms and relied on legitimate software/OS to execute the heist.

Government servers hacked
Advanced persistent threat (APT) group, FIN7, is believed to have hacked U.S. state government servers to distribute malware through phishing emails. The emails were designed to have come from the Securities and Exchange Commission (SEC), but it carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system.

Top Scams Reported in the Last 24 Hours
Netflix phishing campaign
Increasingly business email accounts are being targeted in a phishing campaign where the email seems to have come from Netflix support. The message is delivered addressed as 'Valued Customer', which asks the recipient to click a link to update account details. A successful attack might lead to illicit access to an enterprise email account, corporate networks, and associated services.

iPhone X scam
The exciting new product from Apple is here -- iPhone X. And, people can't wait to get their hands on the latest and greatest versions of Apple's flagship device. Cybercriminals are already spamming social networks with schemes trying to trick you into giving away personal information. These scams are designed to look like free iPhone X giveaway offers. Users should be careful about those offers and stay away from them.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.