Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 12, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Apr 12, 2018
Top Malware Reported in the Last 24 Hours
IoT devices exploited for botnet operations
It has been found that at least 65,000 routers have been compromised by botnet operators and cyber-espionage groups (APTs) to create proxy networks in order to carry out illegal activities. Hackers are abusing the Universal Plug and Play (UPnP) protocol that comes with all modern routers to proxy bad traffic and hide their real location.
CoinMiner injects Coinhive JavaScript
An increase in the operations of the malware variant CoinMiner/CoinMiner-FOZU has been noted by security researchers. The malware mines for cryptocurrency by injecting Coinhive JavaScript into HTML files and blocking the domains of security products. The malware also deletes both ISO and GHO files to prevent victims from restoring clean copies.
Chtonic banking malware
Hackers are breaching legitimate websites in order to spread Chtonic banking malware, a variant of ZeusVM, to users through fake alerts for browser updates. This attack method is in use since December last year. To stay safe, users are advised not to click on random pop-ups asking them to download browser updates.
Top Vulnerabilities Reported in the Last 24 Hours
SAP patches critical flaws
SAP has released the April 2018 Security Patch Day, containing a collection of 10 security patches that address critical vulnerabilities in web browser controls in SAP Business Client. The patches also address a DoS flaw (tracked as CVE-2017-7668), an improper session management (CVE-2018-2408) and a code injection vulnerability.
Screen lock bypass vulnerability in iOS
A screen lock bypass flaw has been discovered in the Signal app of iOS versions prior to 2.23.1.1. The bug works based on the click sequence that includes app opening, clicking on cancel and using the home button. Users are advised to update to Signal app's version 2.23.2 to stay safe.
Multiple vulnerabilities in Simple DirectMedia Layer
Several security flaws have been discovered in Simple DirectMedia Layer's SDL2_Image library, version 2.0.2. The vulnerabilities include CVE-2018-3837, an exploitable information disclosure flaw; CVE-2018-3838, an information vulnerability in XCF image rendering functionality; and CVE-2018-3839, a code execution vulnerability.
Top Breaches Reported in the Last 24 Hours
A cyber attack on Islamic State
The United Kingdom has launched a cyber attack campaign against the Islamic State group to hinder the group's ability to coordinate attacks and suppressed their propaganda. The National Cyber Security Centre (NCSC) and UK law enforcement have also designed a new categorization brief for cyber attacks in order to improve consistency and speed in incident responses.
A data breach at GWR
Britain's Great Western Rail (GWR) has recently suffered a data breach incident where the company's customer accounts were accessed by the hackers. Only 1000 accounts were directly affected out of more than one million. Customers are advised to change their passwords immediately.
Radar and other Bridge systems breached
A simulated penetration test has been conducted by ethical hacking experts from Naval Dome to check how vulnerable radar systems are. Experts could breach into the systems of ECDIS, voyage data recorders, and radar systems. This is done so adeptly that no suspicion is aroused.