Cyware Daily Threat Intelligence, October 30, 2019

Share Blog post

Several malware strains have been reported today. The Maze ransomware has launched a new campaign in Italy. This campaign involves a phishing email that tricks the receiver to ‘Enable Content’ to infect the system with the ransomware.

Two DDoS attacks were reported in the past 24 hours. The Pirate Bay was a victim, with the impact involving prolonged downtime. The Kloop website was also rendered inaccessible to some of its readers.

Meanwhile, a new scam involving Amazon Prime subscription has also emerged. Although there are many variants of this scam, all of them aim to connect the victim to a premium rate number.

Top Breaches Reported in the Last 24 Hours

Las Cruces Public Schools hit by ransomware
A ransomware attack hit the Las Cruces Public Schools and disrupted computer-based communication. The district is working to restore critical services. Officials have not found any evidence yet of student or staff data being compromised.

DDoS attack on The Pirate Bay
The Pirate Bay suffered a distributed denial of service (DDoS) attack that caused downtime for more than a week. The attack’s motive or those responsible for the attack have not been revealed yet.

Kloop suffers DDoS attack
In another DDoS attack reported today, the Kloop website was a successful target. This attack led to the site being inaccessible to some of the readers. The attack, that reportedly began at 3 am UTC on September 29, 2019, was mitigated.

Curry PC World customers robbed
Thousands of pounds were stolen from Currys PC World customers when malicious actors hijacked the firm’s eBay account. The hackers are said to have changed the payment details on the eBay listings. The affected customers have been promised a refund.

Top Malware Reported in the Last 24 Hours

New Android malware reported
A new Android malware dubbed ‘xHelper’ has been reported to have infected 45,000 devices. It has been observed to reinstall itself after manual uninstallation or factory resets. Researchers said that this malware is in evolution, with updates happening periodically.

New Adwind RAT variant spotted
A new variant of the Adwind RAT targeting Windows applications and Chromium-based browsers has emerged. It is delivered through phishing links or legitimate sites hosting insecure third-party content. The malware steals passwords saved in browsers including bank credentials and business application logins.

Maze ransomware targets Italians
The Maze ransomware has been spotted in a new malicious campaign in Italy. The campaign sends spam emails under the guise of the country's Tax and Revenue Agency. The email contains a word document that claims to be the new guidelines for businesses and citizens.

Top Vulnerabilities Reported in the Last 24 Hours

Security flaws in Rittal discovered
Rittal, a chiller for cooling IT applications, has been discovered to contain two critical vulnerabilities. These security flaws can potentially allow attackers to control the systems and cause disruptions. Both of these vulnerabilities are said to be authentication-related.

MikroTik vulnerabilities patched
Researchers uncovered vulnerabilities in MikroTik routers that can lead to the creation of a backdoor. These vulnerabilities, when chained together, can be exploited to change system passwords and gain a route shell. Mikrotik has released patches for these vulnerabilities.

PHP releases patch
The PHP team has released patches for a remote execution flaw that potentially allows the take over of any site. The flaw was in the PHP7 version, and only affects instances running on the Nginx web server and using the PHP FastCGI Process Manager (PHP-FPM).

Top Scams Reported in the Last 24 Hours

Amazon Prime scam
A new phone call scam involving Amazon Prime has come to light. An automatic phone call informs the victim that they’ve been charged for an Amazon Prime subscription. There are many variations of this scam but all of them convince the victim to press ‘1’ and connect them to a premium rate number.


 Tags

adwind rat
amazon prime
php 7
microtik
xhelper
maze ransomware
ddos attacks

Posted on: October 30, 2019

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!