Cyware Daily Threat Intelligence October 20, 2017

Top Malware Reported in the Last 24 Hours
Magniber ransomware
Magniber is a new ransomware distributed by the Magnitude exploit kit. It has been found targeting South Korea through malvertisements on attacker-owned domains and sites. Its payment system and file encryption process are somewhat similar to those of Cerber ransomware, hence the name Magniber (Magnitude + Cerber).

Dynamic Data Exchange exploit
Attackers were recently found abusing an old Microsoft Office feature called Dynamic Data Exchange (DDE) to execute and spread malware. The technique requires neither memory corruption nor enabled macros. The DDE protocol is used by Microsoft to allow two running applications to share the same data.

Ursnif banking Trojan
Cybercriminals have been discovered using new malicious macro tactics for payload delivery, featuring the Ursnif banking Trojan. The malicious macros deliver the Ursnif banking Trojan along with other malware such as ransomware, spyware, and backdoors. Users are advised to avoid such attacks by steering clear of suspicious emails.

Top Vulnerabilities Reported in the Last 24 Hours
Linksys E series router flaws
A security services firm has disclosed details of numerous unpatched vulnerabilities affecting Linksys E-Series wireless home routers. The models impacted by the flaws include the Linksys E900, E1200 and E8400 AC2400 routers. Models E900-ME, E1500, E3200, E4300 and WRT54G2 are believed to be affected as well.

Adobe Flash vulnerability
A group of security researchers found a malicious Microsoft Word attachment exploiting a recently patched Adobe Flash vulnerability. The malicious emails in the attack were sent to foreign government entities equivalent to the State Department and to private-sector businesses in the aerospace industry.

Blackberry server flaws
The Canadian mobile manufacturer recently issued a fix for vulnerabilities in its Workspaces Server components: Appliance-X version 1.12.0 and later and vApp versions 5.7.2 and later. Admins use the server to manage users, devices, and workspaces through the Workspaces administrator console.

Top Breaches Reported in the Last 24 Hours
Malaysian citizens’ identities leak
The personal information of several thousand Malaysian citizens has been put up for sale online. The user data came from different websites and telecommunications companies. Some of the notable names include Jobstreet, Malaysian Medical Council, Altel, Celcom and Malaysian Housing Loan Applications. Users are advised to use sophisticated antivirus programs to keep their data safe.

LTE on Apple Watch 3 shutdown
LTE services available on certain models of Apple Watch Series 3 have been shut down in China. It is suspected that the shutdown was due to security issues with the Chinese Government. China Unicom, which initially offered cellular service for the Apple Watch with LTE, recently stopped supporting it.

Child-friendly game disrupted
A large multiplayer online game has drawn the attention of hackers and pedophiles. The popular Roblox, a much-touted open platform, lets users design their game environment. The family-friendly game has been hacked by pedophiles, and obnoxious content has been injected, including swastikas and pornographic content.


Posted on: October 20, 2017