Cyware Daily Threat Intelligence October 30, 2017

Data-stealing Chrome extension
Google Chrome extensions are in abundant supply in the last few months. However, the harmful nature of those extensions is something not to cherish for. But this time an extension that secretly steals data from the victim’s post on websites. It’s named Catch-All, this malicious extension can even capture your login credentials and passwords. 

ANDROIDOS_JSMINER
A new Android Cryptocurrency mining app has been discovered which is used to deliver the CoinHive JavaScript cryptocurrency miner to users. The miner is hidden in “Recitiamo Santo Rosario Free” and “SafetyNet Wireless App” app available on Google Play store. Both of these apps do the same thing once they are started: they will load the JavaScript library code from Coinhive and start mining with the attacker’s own site key.

Stop CoinMiner malware
CoinMiner malware has been targeting mobile devices increasingly, but researchers doubt the efficacy of such devices producing any significant amount of cryptocurrency. These cause decreased device performance and reduced battery life. To users relief, some extensions—NoScript (for Firefox) or ScriptSafe (for Chrome)—could deter CoinMiner’s functioning. Apache OpenOffice patched
The Apache Software was buggy for some time now. But to the relief of the users, the software has now fixed with the latest patch. All Apache OpenOffice versions 4.1.3 and older are affected including the OpenOffice.org versions are also affected. Users are urged to install Apache OpenOffice 4.1.4 to stay protected.

AmosConnect flaws
Recently, researchers found out two critical cybersecurity vulnerabilities affecting Stratos Global’s AmosConnect communication shipboard platform. The vulnerabilities impact thousands of customers running the newest version of its AmosConnect platform, typically found on maritime sea vessels.

Windows NTML flaw
Microsoft issues a patch for Windows 10 and Windows Server 2016 users. The update addresses a flaw that could allow attackers steal Windows NTLM password hashes without any user interaction. Heathrow security data
In a surprising incident, a USB drive containing security information of the Heathrow Airport was found. The USB drive has a total of 76 files containing sensitive documents of security measures and the route the Queen takes to the airport. It also has security details of cabinet ministers and foreign dignitaries. The drive also carried timetable of security patrols and types of ID needed for restricted areas.

Equation Group hacked
The secret behind the Equation Group breach that occurred in the last year has been finally unveiled. The members of the Shadow Broker group posted more than 256 MB data that purports to contain a series of hacking tools used by the Equation Group since 2010. This data was retrieved after one of their C&C servers was hacked.