
Cyware Daily Threat Intelligence July 23, 2018


Top Malware Reported in the Last 24 Hours
Android spyware
Chinese cyberespionage group APT27, aka GoldenRat, has created a new Android spyware designed to steal sensitive information. One unusual trait of the malware is that its C2 server is located in the same area that is under attack. In most cases, attackers locate their servers in places different from those attacked in order to make investigations harder.

Calisto backdoor
A Mac backdoor malware, dubbed Calisto, has been detected by security researchers. The backdoor belongs to the OSX.Proton malware family. Researchers believe that the malware is written in Swift and was found targeting Intego users. Calisto is estimated to be the first version or a prototype of the OSX.Proton malware.

Top Vulnerabilities Reported in the Last 24 Hours
DNS rebinding
Security researchers have uncovered that nearly half a billion IoT devices across the globe are vulnerable to DNS rebinding attacks. DNS rebinding attacks provide attackers the ability to bypass firewalls and gain access to vulnerable devices. Connected devices such as printers, smart TVs, IP cameras, IP phones, routers, access points and more are impacted by this issue. To stay safe from attacks, users are advised to disable services such as UPnP, change device passwords and keep devices' firmware updated.

DoS flaw
Apache HTTPD contains multiple vulnerabilities which could allow attackers to remotely access servers that provide HTTP services. The vulnerabilities, if exploited, could allow attackers to cause a denial of service (DoS) condition on a targeted system and access sensitive information. It is highly recommended that users upgrade to the latest patched version.

XSS bug
A vulnerability has been discovered in the WordPress All In One Favicon Plugin. The flaw could allow attackers to alter the built-in upload mechanism. The bug could also allow attackers to execute JavaScript code through cross-site scripting (XSS) attacks.



Posted on: July 23, 2018
