Cyware Daily Threat Intelligence September 13, 2018


Top Malware Reported in the Last 24 Hours

Cryptomining campaign involving Kodi Add-ons
Security researchers discovered a campaign that infects machines running Kodi add-ons. They believe the add-ons were altered by cybercriminals seeking to mine Monero cryptocurrency using the resources of Kodi users. Kodi users who installed add-ons from the Bubbles, Gaia, and XvBMC repositories may be infected with a coinminer. Users should remove the affected Kodi add-ons and the associated third-party repositories.

PyLocky malware
A new Python-based malware has been found posing as Locky ransomware. The malware is packaged with PyInstaller, has anti-machine-learning capabilities, and is delivered through the open-source script-based Inno Setup installer. It abuses Windows Management Instrumentation (WMI) to check the properties of affected systems. The encryption routine is implemented with the 3DES cipher using the PyCrypto library.

Hiddad malware
Hiddad malware has been found embedded in a couple of applications on the Google Play Store. The questionable apps have been downloaded by mobile users more than 50,000 times. The apps hide themselves after installation and display full-screen ads after some time. Users must locate the apps in the app manager and uninstall them.

Top Vulnerabilities Reported in the Last 24 Hours

Advantech WebAccess RCE flaw
A flaw (CVE-2017-16720) in the Advantech WebAccess SCADA software for IoT environments was supposedly patched earlier, but the fix was incomplete, so the product remains susceptible to remote code execution by unauthorized attackers. WebAccess versions 8.3, 8.3.1, and 8.3.2 are affected. The flaw allows RCE via the Remote Procedure Call (RPC) protocol over TCP port 4592, using malicious Distributed Computing Environment/Remote Procedure Call (DCERPC) requests.

Fuji Electric V-Server flaw
Multiple flaws have been found in Fuji Electric V-Server Lite that can allow a remote attacker to execute arbitrary code. The flaws are mainly heap-based and stack-based buffer overflows. All of them have been patched by Fuji Electric with the release of version 4.0.4.0.

Kernel exploit in macOS
A kernel-level memory corruption issue was found in the Webroot SecureAnywhere antivirus software for macOS. The flaw stems from an arbitrary user-supplied pointer that can be both read from and written to. Attackers can use it to execute arbitrary code in the kernel.

Top Breaches Reported in the Last 24 Hours

Npower data breach
Energy giant Npower recently suffered a security glitch in which the personal details of around 5,000 customers were exposed. PII such as names, addresses, and payment details of the customers was emailed to the wrong account holders. An investigation is currently under way to determine who sent the emails on behalf of the company. The Information Commissioner's Office (ICO) has also been notified.

TV Licencing breach
The TV Licensing website recently suffered a glitch in which some transactions processed earlier were not as secure as thought. The issue is believed to have affected customers' personal details. Names, addresses, email addresses, banking details, sort codes, and account numbers are suspected to have been leaked. Viewers are urged to check their bank statements to ensure that no unauthorized transactions have occurred.

Edinburgh University DDoS attack
Edinburgh University recently suffered a large-scale DDoS attack in which its websites and wireless network gateways went offline. The university's internet provider believes the attack was restricted to a single university network. No student or faculty data is known to be affected so far.
