Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 6, 2018
Top Malware Reported in the Last 24 Hours
WhiteRose ransomware
A new ransomware belonging to the Infinite Tear ransomware family, called WhiteRose ransomware, has been discovered by security researchers. The ransomware was found infecting devices and encrypting files, appending the '.WHITEROSE' extension to each encrypted file. Users are advised not to pay the ransom, as this ransomware is surprisingly decryptable.
IcedID banking trojan
The IcedID banking trojan, which previously used Emotet to distribute itself, has been observed spreading via emails with attached malicious Microsoft Word documents containing macros. The trojan is also using the Rovnix malware to infect systems. IcedID employs a minimalist process injection technique to avoid detection.
IoTroop botnet
A new botnet, called IoTroop, has been designed by hackers to specifically target the financial sector. Unlike Mirai, this botnet attempts to infect vulnerable devices by exploiting vulnerabilities rather than by logging in with administrator credentials that were never changed from their defaults. IoTroop has infected over 13,000 devices, each with a unique IP address.
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft patches RCE flaw
The security patch for the exploitable memory corruption vulnerability in the Microsoft Malware Protection Engine (MMPE) has been released. The update is installed automatically on systems whose update management software is configured to automatically approve and distribute engine updates.
Flaws in Spring Framework apps
The open source framework for Java-based enterprise applications, Spring Development Framework, was found to contain three vulnerabilities. The first is a remote code execution vulnerability (CVE-2018-1270), the second allows hackers to carry out a directory traversal attack (CVE-2018-1271), and the third is tracked as CVE-2018-1272. Users are advised to upgrade to version 5.0.5 or 4.3.15 to stay safe.
Security flaws in Moxa devices
Two security flaws have been discovered in Moxa devices. The first is found in the Moxa AWK-3131A 802.11n industrial wireless networking gear and the second resides in Moxa's MXview network management software. Hackers can exploit these flaws, respectively, to inject command-line instructions and to access files and execute arbitrary code on the server.
Top Scams Reported in the Last 24 Hours
Chip card scam
Financial institutions are being warned about a new scam involving the theft of chip-based debit cards. Scammers are intercepting the new debit cards in the mail and replacing their chips with old ones. How the scammers are managing to pull this off is not yet known. However, officials suspect the involvement of US Postal Service employees.
WhatsApp scam
A new scam is being perpetrated on WhatsApp. Users are receiving fake messages claiming that Virgin Atlantic is giving away free tickets on the eve of its 35th anniversary. The message contains a URL; clicking on it redirects users to a page asking them to answer a few questions that collect the victim's personally identifiable information. To stay safe, users are advised to cross-check the spelling of the URL and the domain name before clicking on it.