Cyware Daily Threat Intelligence October 15, 2018

Top Malware Reported in the Last 24 Hours

Google Photos app malware
An app called ‘Album by Google Photos’, listed under the publisher name ‘Google LLC’, turned out to be nothing more than malware disguised as a Google app. It bypassed Microsoft’s filters and was available for download in the Windows Store. Many reviewers reported that it shows ads in the background and lures users into clicking on them. The malicious app also asks for bank credentials. Microsoft has since removed the app.

Python ransomware variant
This new variant of Python-based ransomware borrows some features from the Locky Trojan and mainly targets Windows. It arrives as an email attachment or is dropped by other malware. Encrypted files are given the .lockedfile extension. The ransomware adds registry values so that it starts automatically with the system, and it gathers data such as the system name, username, OS version, processor information, language setting, and MAC address. Users are advised to disable the ‘System Restore’ option and run a full scan of their computers.

Top Vulnerabilities Reported in the Last 24 Hours

DOM-XSS flaw
A DOM-XSS flaw was found affecting Tinder, Shopify, Imgur, Yelp, Western Union, and similar platforms. DOM-based XSS is a class of cross-site scripting vulnerability that lives in the page’s client-side code: the payload executes because script running in the victim’s browser modifies the DOM environment, not because the server echoed the payload back. As a result, attackers can gain access to users’ profiles and details. As many as 685 million users could be at risk. Users are advised to change their passwords now.
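The DOM-based XSS class described above, shown as an added example that is not part of the Cyware brief and does not reproduce any of the named platforms’ code: a page that reads the URL fragment and writes it into the document through innerHTML, beside the hardened version that treats the fragment as text (what assigning textContent does), plus a crude check that makes visible which output the HTML parser would treat as executable. The sample fragment, the function names and the check are all constructed for illustration; the file runs under Node without a browser, so it works on the markup strings a page would hand to the DOM rather than on a real document.

```javascript
// Added example, not code from the Cyware brief: DOM-based XSS in miniature.
// In a DOM-XSS bug no server round-trip is needed. The page itself reads an
// untrusted value (here the URL fragment, which a browser exposes through
// window.location.hash) and writes it into the document through a dangerous
// sink such as innerHTML, so attacker-controlled markup becomes live DOM.

// Constructed sample fragment standing in for window.location.hash.
const SAMPLE_HASH = '#<img src=x onerror="alert(1)">';

// Entity-encode the five characters that matter in HTML text and attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Strip the leading '#' and percent-decode, as a page usually does.
// Malformed encodings make decodeURIComponent throw; fall back to the raw value.
function fragmentValue(hash) {
  const raw = hash.startsWith('#') ? hash.slice(1) : hash;
  try {
    return decodeURIComponent(raw);
  } catch (_) {
    return raw;
  }
}

// Vulnerable pattern: the fragment is concatenated into markup that the page
// then assigns to element.innerHTML. Returns the string that would be assigned.
function renderGreetingUnsafe(hash) {
  return 'Hello, ' + fragmentValue(hash); // el.innerHTML = ... in a real page
}

// Hardened pattern: the fragment is treated as text. This is the serialized
// equivalent of el.textContent = fragmentValue(hash), which the browser never
// parses as markup.
function renderGreetingSafe(hash) {
  return 'Hello, ' + escapeHtml(fragmentValue(hash));
}

// Crude, constructed check used only to make the difference visible: find
// anything the parser would read as a tag, and flag script tags, inline event
// handlers and javascript: URLs inside those tags. Escaped output contains no
// '<' at all, so no tag is found and nothing can execute.
function containsActiveContent(markup) {
  const tags = markup.match(/<[a-z/!][^>]*>/gi) || [];
  return tags.some(
    (t) => /^<script\b/i.test(t) || /\son[a-z]+\s*=/i.test(t) || /javascript:/i.test(t),
  );
}

if (typeof module !== 'undefined' && require.main === module) {
  console.log('unsafe sink :', renderGreetingUnsafe(SAMPLE_HASH));
  console.log('safe sink   :', renderGreetingSafe(SAMPLE_HASH));
  console.log('unsafe executes?', containsActiveContent(renderGreetingUnsafe(SAMPLE_HASH)));
  console.log('safe executes?  ', containsActiveContent(renderGreetingSafe(SAMPLE_HASH)));
}
```

Run it with `node dom-xss-example.js`. The point of the demonstration is where the fix lives: DOM XSS is not caught by server-side output encoding because the server never sees the fragment, so the page’s own script has to use a text sink (textContent, setAttribute with a checked value, or a sanitizer) instead of innerHTML, with a Content Security Policy as defense in depth.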

Incomplete JET Database flaw
Microsoft recently announced that its latest patch for the JET Database Engine flaw (CVE-2018-8423) is deemed ‘incomplete’, so the 0patch firm has released a micropatch that addresses the issue. The flaw lies in the JET Engine’s index management code and can be triggered by opening a booby-trapped JET file via OLEDB, which lets attackers execute code remotely. Code run through this memory corruption bug executes with the same privileges as the logged-in user on the target machine.


Posted on: October 15, 2018
