Cyware Daily Threat Intelligence May 25, 2018

Top Malware Reported in the Last 24 Hours
Russian botnet
The Justice Department has identified and seized a domain that appears to be at the center of a Kremlin-backed hacking campaign by the Sofacy group. Its network contains more than half a million web-connected devices across the globe. The botnet is capable of intelligence gathering as well as launching disruptive denial-of-service attacks.

Phorpiex/Trik Botnet
Proofpoint researchers have dissected the Phorpiex/Trik botnet to examine its functionality. Several malware families, including GandCrab, Pushdo, Pony, Trik updates, and various coin miners, are found using its services. The malware propagates via removable storage media and email spam.

JS_DLOADR malware
Security researchers have come across new malware being used in hacking campaigns. The malware, dubbed JS_DLOADR and W2KM_DLOADR, uses spam emails with malicious attachments to spread across networks. Some of the names of the malicious documents used are INVOICE[.]docm, Doc1[.]docm, Fake Resume[.]docm, wwww[.]docm, and so on.

Top Vulnerabilities Reported in the Last 24 Hours
Windows systems vulnerable to Null Session
Windows 2000 and NT systems are found to be vulnerable to Null Session attacks. The Null Session vulnerability allows attackers to connect to an unsecured Windows system's IPC share. After manually establishing a Null Session, attackers can collect information from a Windows system, even without having to log in.

Ubuntu fixed multiple flaws
Several vulnerabilities have been fixed in Ubuntu 12.04 ESM. By exploiting these vulnerabilities, attackers can execute arbitrary code or leak information. The new version 7.22.0-3ubuntu4.21 contains mitigations for the flaws. Users are urged to update their systems to the latest security patch.

Security flaws found in Micro Focus products
A critical security vulnerability that could allow Cross-Site Scripting (XSS) has been discovered in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. Security updates and mitigations are already available for supported versions of both products.

Top Breaches Reported in the Last 24 Hours
Customer data at risk
Security researchers have discovered a bug in T-Mobile's website that allows hackers to access subscribers' personal details. The bug was found on a publicly facing T-Mobile site, promotool.t-mobile.com, a subdomain used by staff to access account details. Due to this bug, data including account PINs has been exposed.

Social Security numbers of nurses exposed
Personal information of hundreds of nurses has been exposed in an unsecured database. The data leak occurred after the nursing board’s online portal accidentally ended up on a nonpublic portion of a database. The exposed database included the Social Security numbers, names, and addresses of nurses. The D.C. Department of Health is providing all victims with free one-year credit services.


Posted on: May 25, 2018
