Cyware Daily Threat Intelligence October 26, 2018

Share Blog post

Top Malware Reported in the Last 24 Hours

DemonBot 
A new botnet dubbed DemonBot was recently discovered by security experts. The botnet is being leveraged by attackers targeting vulnerable Hadoop installations. The attackers are exploiting a Hadoop YARN unauthenticated remote command execution (RCE) flaw to infect Hadoop servers with DemonBot and the botnet's attack vector. DemonBot can allow attackers to launch DDoS attacks and steal system information.

TimpDoor
TimpDoor is a newly discovered Android malware being distributed via a phishing campaign. The malware is capable of turning infected devices into proxies, essentially converting them into mobile backdoors. Infected devices could be used by attackers to stealthily infiltrate victims' home and corporate networks. The malware comes loaded in a fake app and when installed it initiates a background service starts a Socks proxy to redirect all network traffic from a third-party server via an encrypted connection. The malware has already infected around 5,000 victims across the US.

Top Vulnerabilities Reported in the Last 24 Hours

Linux and BSD bug
Security researchers recently disclosed that a security vunerability that had remained undiscovered for nearly two years affects almost all Linux and BSD distros that employ the popular X.Org Server package. The bug allows an attacker limited access to a system, either via a terminal or SSH session, to elevate privileges and gain root access. f a vulnerable version of X.org runs on a system as setuid root, it can be abused by normal logged-in users to gain administrator-level control over the machine. That would allow a miscreant to tamper with files, install spyware, and more.

Multiple flaws
Two flaws in the Sophos HitmanPro.Alert - a malware detection and protection tool - were recently discovered by security researchers. While one of the bugs was a kernel memory disclosure flaw, the other was a privilege escalation vulnerability. The flaws could allow attackers to read kernel memory contents, as well as perfrom code execution and privilege escalation attacks. The flaws existed in the input/output control (IOCTL) message handler. 

 Tags

security vulnerability
demonbot
timpdoor

Posted on: October 26, 2018

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!