Cyware Daily Threat Intelligence October 15, 2018

Threat Intelligence

Share Blog Post

Top Malware Reported in the Last 24 Hours

Google Photos app malware

The new app released by Google LLC called ‘Album by Google Photos’ is found to be nothing more than malware disguised as a Google app. This app is found to bypass Microsoft’s filters and become available for download in the Windows Store. Many reviewers commented that this malware shows ads in the background and allures people to click on them. This malicious app is found to ask for bank credentials. Microsoft has already removed the app.

Ransom.Python.PYLOCKY.B

This new variant of Python ransomware has some features of the Locky Trojan and mainly targets Windows OS. It is sent as an email attachment and dropped by other malware. The lockedfile extension is attached to the encrypted file. Registry values are added to ensure the autostart technique of the ransomware. This technique helps in gathering data like system name, username, OS version, processor information, the language used, and MAC address. Users are advised to disable their ‘System Restore’ option and allow for a full scanning of their computers.

Top Vulnerabilities Reported in the Last 24 Hours

DOM-XSS flaw

A DOM-XSS flaw was found targeting Tinder, Shopify, Imgur, Yelp, Western Union, and other similar platforms. It is a class of cross-scripting vulnerability which appears within DOM. Here, the payload is executed because of modifying the DOM environment in the victim’s browser. As a result, attackers can gain access to users’ profiles and details. As many as 685 million users could be at risk. Users are advised to change their passwords now.

Incomplete JET Database flaw

Microsoft recently announced that its latest patch for JET Database Engine flaw (CVE-2018-8423) is deemed ‘incomplete’. So, the 0patch firm has released a micropatch that can fix this issue. The flaw exists within the management indexes of JET Engine and can be triggered by opening a booby-trapped JET file via OLEDB. Hence, attackers can execute code remotely. The execution of this memory corruption bug happens with the same privileges as the target machine’s users.

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

Cyber Fusion Center

Intel Exchange

Intel Exchange Lite

Collaborate

Respond

Orchestrate

Threat Intelligence Ecosystem

Solutions for ISACs, ISAOs, and CERTs

Solutions for ISAC, ISAO, and CERT Members

Intel Exchange Spoke

Cyware Browser Extension

Partners & Integrations

Channel Partners

MSSPs

Technology Alliances

Open APIs

MISP

Register a Deal

CywareOne Login

Resources Library

Resource Library

Cyware Labs: Research & Threat Briefings

Security Guides

Free Threat Intel Feeds

Webinars & Videos

Community Resources

Cyware Academy

Contact Us

Leadership

Careers

Cyware in the News

Press Releases

Compliance

Cyware Daily Threat Intelligence October 15, 2018

Share Blog Post

Top Malware Reported in the Last 24 Hours

Top Vulnerabilities Reported in the Last 24 Hours

Tags

More from Cyware

The Virtual Cyber Fusion Suite

Explore Solutions

Capabilities

Resource Library

Use Cases