Cyware Daily Threat Intelligence October 26, 2018

Top Malware Reported in the Last 24 Hours

DemonBot 
A new botnet dubbed DemonBot was recently discovered by security experts. The botnet is being leveraged by attackers targeting vulnerable Hadoop installations. The attackers' infection vector is an unauthenticated remote command execution (RCE) flaw in Hadoop YARN, which they exploit to install DemonBot on Hadoop servers. DemonBot can allow attackers to launch DDoS attacks and steal system information.

TimpDoor
TimpDoor is a newly discovered Android malware being distributed via a phishing campaign. The malware is capable of turning infected devices into proxies, essentially converting them into mobile backdoors. Infected devices could be used by attackers to stealthily infiltrate victims' home and corporate networks. The malware comes loaded in a fake app; once installed, it initiates a background service that starts a SOCKS proxy to redirect all network traffic from a third-party server over an encrypted connection. The malware has already infected around 5,000 victims across the US.

Top Vulnerabilities Reported in the Last 24 Hours

Linux and BSD bug
Security researchers recently disclosed that a security vulnerability that had remained undiscovered for nearly two years affects almost all Linux and BSD distros that employ the popular X.Org Server package. The bug allows an attacker with limited access to a system, either via a terminal or SSH session, to elevate privileges and gain root access. If a vulnerable version of X.Org runs on a system as setuid root, it can be abused by normal logged-in users to gain administrator-level control over the machine. That would allow a miscreant to tamper with files, install spyware, and more.
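The precondition above is that the X server binary is installed setuid root. The following POSIX shell script is an added example, not part of the Cyware digest or of any X.Org tooling, that a defender can run to see whether that precondition holds on a host; it reports "risk" only when the binary is both setuid and root-owned. The path /usr/bin/Xorg is an assumption, as distributions differ (some install the server under /usr/lib/xorg/ or behind a wrapper), and the XORG_PATH variable is this script's own, not a real X.Org setting.

```shell
#!/bin/sh
# Added example (not from the Cyware digest): check whether the X.Org server
# binary is installed setuid root, the condition under which the local
# privilege-escalation bug described above becomes exploitable on a host.
# The default path /usr/bin/Xorg is an assumption; adjust for your distribution.

# Exit 0 if the file exists and carries the setuid bit, 1 otherwise.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print the owning user of a file. Uses ls rather than stat because stat's
# flags differ between GNU and BSD userlands.
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# Print "risk" when the file is setuid AND owned by root, "safe" when it is
# not, and "absent" when the path does not exist.
classify_binary() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo absent
        return 0
    fi
    if has_setuid_bit "$f" && [ "$(file_owner "$f")" = "root" ]; then
        echo risk
    else
        echo safe
    fi
}

# Human-readable report for one path; always exits 0 so it is safe under set -e.
report_xorg() {
    xorg="$1"
    case "$(classify_binary "$xorg")" in
        risk)   echo "WARNING: $xorg is setuid root; confirm the X.Org server is patched" ;;
        safe)   echo "OK: $xorg is not setuid root" ;;
        absent) echo "INFO: $xorg not found; check your distribution's X server path" ;;
    esac
}

# XORG_PATH is an assumed environment variable for this script only.
report_xorg "${XORG_PATH:-/usr/bin/Xorg}"
```

Run it as an unprivileged user on each host; a "risk" result means the host depends on the X.Org patch level for local privilege separation, so that binary's version should be checked against the vendor's fixed release before the host is considered safe.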

Multiple flaws
Two flaws in Sophos HitmanPro.Alert, a malware detection and protection tool, were recently discovered by security researchers. One of the bugs was a kernel memory disclosure flaw; the other was a privilege escalation vulnerability. The flaws could allow attackers to read kernel memory contents, as well as perform code execution and privilege escalation attacks. The flaws existed in the input/output control (IOCTL) message handler.
