Cyware Daily Threat Intelligence, September 13, 2019

Threat actors sometimes release new malware in order to stealthily launch large-scale attacks. The past 24 hours saw the emergence of two new malware families: InnfiRAT and WiryJMPer. While InnfiRAT specializes in the theft of cryptocurrency-related data, the newly discovered WiryJMPer downloader is used to drop the Netwire RAT.

In a major discovery, security researchers have found that some systems across the globe are still vulnerable to the well-known Heartbleed vulnerability. The flaw, tracked as CVE-2014-0160, exists in the OpenSSL cryptography library and undermines the security of communication between SSL/TLS servers and clients.

Meanwhile, NETGEAR has released a firmware update to fix two DoS vulnerabilities affecting NETGEAR N300 wireless routers. The vulnerabilities can be triggered by sending specially crafted HTTP requests.

Top Breaches Reported in the Last 24 Hours

Entercom attacked
Philadelphia-based broadcasting company Entercom Communications was locked out of its systems following a ransomware attack. The attackers demanded a ransom of $500,000 to unlock the affected systems. The incident has forced some radio stations to complete music logs manually and run without commercials.

Garmin SA suffers a breach
Garmin Southern Africa (Garmin SA) notified its customers about a data breach that exposed their payment and personal information. The information was stolen from orders placed on the shop.gramin.co.za shopping portal. The compromised payment information included card numbers, expiration dates, and CVV codes. Customers’ full names, physical addresses, phone numbers, and email addresses were among the other details exposed.

Top Malware Reported in the Last 24 Hours

InnfiRAT trojan
InnfiRAT is a newly discovered trojan that specializes in the theft of cryptocurrency-related data. The malware spreads through drive-by-download attacks or phishing emails carrying malicious attachments. Once executed, it copies itself into the AppData directory, where it hides.

WiryJMPer malware downloader
Security researchers have uncovered a new malware downloader named WiryJMPer. It is used to drop the Netwire RAT, which includes keylogging and password-stealing features. WiryJMPer incorporates several anti-analysis techniques to evade detection.

Astaroth trojan
A cybercriminal group that targets only Brazilians has been found extensively abusing trusted names, legitimate Windows services, and Cloudflare Workers to deliver the Astaroth trojan. The current campaign targets victims with emails written in Portuguese and disguised as an invoice, show ticket, or civil lawsuit.

WatchBog botnet
The WatchBog cryptocurrency-mining botnet relies heavily on the Pastebin website for C&C operations. The botnet has been active since last year and focuses on compromising Linux-based systems to mine the Monero virtual currency. It mainly exploits known vulnerabilities, such as Jenkins’ CVE-2018-1000861, Jira’s CVE-2019-11581, Exim’s CVE-2019-10149, and Solr’s CVE-2019-0192.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for CVE-2019-1208 revealed
A proof-of-concept for a use-after-free (UAF) vulnerability affecting Microsoft Internet Explorer has been revealed. The vulnerability is tracked as CVE-2019-1208. The flaw can enable an attacker to remotely execute arbitrary code.

DoS vulnerabilities
A firmware update for DoS vulnerabilities affecting NETGEAR N300 wireless routers has been issued recently. The two DoS vulnerabilities are CVE-2019-5054 and CVE-2019-5055. NETGEAR has addressed the issues with version

Heartbleed vulnerability
The Heartbleed vulnerability was introduced and fixed in 2014, yet some systems remain unpatched. Heartbleed is a code flaw in the OpenSSL cryptography library and is tracked as CVE-2014-0160.

Wireshark 3.0.4 released
Wireshark 3.0.4 has been released with fixes for several vulnerabilities. The vulnerabilities affect versions 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, and they have been fixed in 3.0.4 and 2.6.11.

Top Scams Reported in the Last 24 Hours

Sextortion scam
Residents of Ireland are being targeted by an aggressive email sextortion scam that accuses recipients of being pedophiles. The scammers threaten to expose the victims unless a ransom of 5,000 GBP is paid. Victims receive emails with unpleasant subject lines from someone claiming to be an internet security specialist affiliated with the Anonymous group. The recipients are told that their systems are infected with spyware capable of recording their inappropriate activities.


Posted on: September 13, 2019