Cyware Daily Threat Intelligence September 26, 2018

Top Malware Reported in the Last 24 Hours

DanaBot malware
Security experts have observed a recent surge in DanaBot banking malware campaigns. The cybercriminals behind the malware have shifted to targeting European nations, including Poland, Italy, Germany, Austria, and as of September 2018, Ukraine. DanaBot is capable of stealing credentials from several browsers. The malware has also been upgraded and now contains functionalities such as a Tor plugin that allows attackers to connect to .onion websites. 

Monero miners on Google Play
Security researchers have discovered around 25 Android apps on the Google Play Store that contain malicious code that mines for Monero. The Monero mining code was discovered in apps disguised as games, utilities and educational apps, among others. The malicious apps have been downloaded and installed over 120,000 times, hinting at the number of devices that may have been infected by the Monero miner.

Top Vulnerabilities Reported in the Last 24 Hours

Monero "burning" bug
Monero developers recently patched a potentially dangerous vulnerability that was brought to light after a user posted a hypothetical question about stealth addresses on a Monero subreddit. The "burning" bug, if exploited, could have allowed attackers to steal massive amounts of cryptocurrencies from exchanges. 

FragmentSmack DoS flaw
Around 88 Cisco products were found containing a DoS vulnerability dubbed FragmentSmack. The vulnerability could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. Although the flaw was found on Linux, along with its sibling dubbed SegmentSmack, the bug can also impact Windows systems. Cisco has advised customers to check the product-specific documentation for possible workarounds until a patch is available.

macOS Mojave zero-day
Apple's latest OS, Mojave, was found to contain a zero-day vulnerability that could allow a remote attacker to bypass Apple's protections. The vulnerability could also allow attackers to access a Mac user’s address book.

Top Breaches Reported in the Last 24 Hours

UN WordPress breach
One of the United Nations' WordPress websites publicly exposed thousands of resumes of hopeful job seekers. The breach was caused by a path disclosure and an information disclosure bug. The organization was unable to plug the leak despite receiving a private report on this issue. It was found that the job applications sent to the UN were sent via an improperly configured web application. This oversight allowed attackers to access a directory index of the documents.

NewsNow breach
NewsNow was hit by a data breach that exposed users' encrypted passwords. The breach was caused by a backdoor on some of NewsNow's servers. The attackers allegedly exploited eight-year-old code. After NewsNow discovered the breach, it shut down all affected servers. Although it is not clear how many users were impacted, those affected by the breach have been notified by email.




