Cyware Daily Threat Intelligence September 22, 2017

Top Malware Reported in the Last 24 Hours
Locky coupled with FakeGlobe
Cybercriminals have launched a spam campaign that delivers either the lethal Locky ransomware or the FakeGlobe ransomware, which means a single person can be victimized twice by the same campaign. An estimated 1 million phishing emails disguised as fake Amazon Marketplace and Herbalife invoices are already in circulation to infect systems worldwide.

Nude ransomware
Security researchers have spotted a new ransomware called nRansomware. It encrypts a victim's files and demands nude photographs instead of Bitcoin in exchange for the decryption key. Users are advised to maintain regular backups of their data.

Ransomware-as-a-service becoming common
A security firm recently reported its findings after analyzing more than 1,000 ransomware samples. Interestingly, most of the samples were low-grade, built from off-the-shelf code; the aim appeared to be reaching as many people as possible.

Top Vulnerabilities Reported in the Last 24 Hours
OptionsBleed bug
A Heartbleed-style bug has recently been discovered affecting Apache installs. HTTP defines several request methods, and one of them is OPTIONS; a flaw in Apache's handling of this method lets an attacker reach into the server. It is clearly a bleed-style bug, where the attacker can leak arbitrary pieces of memory.
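As an added example (not part of the Cyware digest), the check below inspects the Allow header of an OPTIONS response, which is where Apache advertises its permitted methods and, per the public Optionsbleed write-up, where the leaked memory becomes visible; it assumes a healthy server lists each method once as a valid token, and the sample responses are constructed for a local self-check, not real captures.

```python
import re
from typing import List, Optional

# RFC 7230 "tchar": the characters allowed in an HTTP method token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Methods a web server may legitimately advertise (HTTP/1.1 plus common WebDAV).
KNOWN_METHODS = frozenset({
    "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH", "CONNECT",
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK",
})


def allow_header(raw_response: str) -> Optional[str]:
    """Return the value of the Allow header in a raw HTTP/1.1 response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "allow":
            return value.strip()
    return None


def suspicious_allow_entries(allow_value: str) -> List[str]:
    """Entries of an Allow header that a healthy server would never emit:
    non-token bytes, unknown tokens, or a method repeated more than once."""
    seen = set()
    flagged = []
    for entry in (e.strip() for e in allow_value.split(",")):
        if not entry:
            continue  # empty entries ("GET,,HEAD") are tolerated but are not methods
        if not _TOKEN.match(entry) or entry.upper() not in KNOWN_METHODS:
            flagged.append(entry)  # garbage or an unknown name in the method list
        elif entry.upper() in seen:
            flagged.append(entry)  # duplicate method: another sign of corruption
        seen.add(entry.upper())
    return flagged


def looks_leaky(raw_response: str) -> bool:
    """True when the OPTIONS response's Allow header carries anything non-method."""
    value = allow_header(raw_response)
    return bool(value) and bool(suspicious_allow_entries(value))


# Constructed sample responses (not real captures) for a local self-check.
CLEAN = "HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n\r\n"
LEAKY = ("HTTP/1.1 200 OK\r\nAllow: POST,OPTIONS,,HEAD,:09:44 GMT,HEAD,"
         "SCRIPT_FILENAME=/var/www/ht\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, looks_leaky(resp), suspicious_allow_entries(allow_header(resp)))
```

Run against your own server's OPTIONS responses over time, a single flagged entry is enough to warrant a closer look at the Apache version and .htaccess Limit directives in use.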

Microsoft patches Office 2016
Microsoft has patched a potential remote code execution vulnerability in Office 2016, tracked as CVE-2017-8630. The flaw could be exploited because it resided in crucial features of Office 2016. Users are advised to apply the patch as soon as possible.

Cloud databases exposed
SQL injection exploits, simple permission errors, API oversights and server misconfigurations have caused a major leak exposing over 1 billion records from servers and cloud databases. Even before this, cloud databases have leaked health records, voter data, customer support PIN codes from telecommunications companies, and more.

Top Breaches Reported in the Last 24 Hours
National Bank of Canada breached
In an email statement, the National Bank of Canada said that the personal information of about 400 customers might have been exposed on the internet due to a technical glitch. To manage the situation, the bank is offering free credit monitoring to affected customers. Affected customers are advised to be careful, as the leaked information could be used against them in phishing emails.

Misconfigured cloud server
Login credentials for over 500,000 car tracking devices were freely exposed by a misconfigured cloud server, in yet another case of an accidental leak. The data was exposed by SVR Tracking, a firm that claims to specialize in “vehicle recovery.” The records included user login information such as emails and passwords, along with VINs (vehicle identification numbers), license plate numbers and GPS device data.

Top Scams Reported in the Last 24 Hours
“Find My Device” feature abused
Hackers have been found abusing this crucial iPhone feature to lock devices remotely. They were able to target users who reused the same password for their iCloud account and other accounts; these passwords were most probably obtained from previous data breaches of several major websites. Users need to reset their passwords immediately to prevent the attack.

Phony CP2000 letters
A fraudulent IRS letter is carrying malware, and any unsuspecting user who opens it is infected. The spam email is disguised as the CP2000 letter that the Internal Revenue Service (IRS) normally sends to taxpayers and is used to deliver a Remote Administration Tool.

Tradorax ceases operations
The binary trading company Tradorax was accused of scamming people by luring them into fraudulent online trading schemes, and now it appears to have ceased operations. The scam's modus operandi was to have members contact a broker who would trade on their behalf, but when members wanted to withdraw their money, they found some of it had been siphoned off.
