Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 28, 2019
As cyberspace grows more dangerous by the day, security experts are leaving no stone unturned to protect critical assets and infrastructure that could be targets for cybercriminals. In a major crackdown, Avast, together with the French National Gendarmerie, has disinfected over 850,000 Windows systems by taking down the command and control (C2) servers of the Retadup malware. This was made possible by Avast researchers' discovery of a design flaw in the malware's C2 communication protocol.
A new botnet named Ares was also uncovered in the past 24 hours. The botnet leverages the Android Debug Bridge (ADB) for propagation and affects Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia. ADB can be accessed on TCP port 5555 in three ways: via a wired connection, over Wi-Fi, or over a network or the internet.
Top Breaches Reported in the Last 24 Hours
New Kent County Public Schools attacked
New Kent County Public Schools were subjected to a ransomware attack recently. The ransomware encrypted nearly the entire school network. Because the attack encrypted the files on the school district’s internal hard drives, staff members are unable to access the files, documents, and data they have created. School officials say they are working to resolve the issue before students head back for classes.
Imperva firm suffers an attack
Imperva, a cybersecurity and DDoS mitigation firm, has disclosed a security incident affecting users of its Cloud Web Application Firewall (WAF), previously known as Incapsula. A third party notified the company of a data breach that exposed the data of some of its Cloud WAF customers. The exposed data included customer email addresses, hashed and salted passwords, and in some cases API keys and SSL certificates.
Top Malware Reported in the Last 24 Hours
Ares botnet
Ares is a newly discovered botnet that affects Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia. The botnet leverages a vulnerable Android Debug Bridge (ADB) for propagation. This vulnerable ADB can be accessed on TCP port 5555 in three ways: via a wired connection, over Wi-Fi, or over a network or the internet.
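Both the summary above and this entry describe the same propagation path: ADB listening on TCP port 5555 and reachable over the network. The following is an added defensive example, not code from the Cyware briefing or from any of the vendors it names. It parses connection logs in a generic key=value format (the format, the addresses, and the internal network ranges are constructed assumptions), reports which internal devices accepted ADB sessions, and separates internet-sourced ADB connections from internal ones so that exposed set-top boxes can be found and isolated.

```python
"""Flag Android Debug Bridge (ADB) exposure in connection logs.

Added defensive example (not part of the Cyware briefing, not vendor code).
ADB listens on TCP 5555 when enabled over the network, which is the
propagation path the briefing attributes to the Ares botnet. This script
scans connection logs for allowed traffic to TCP/5555, separates internal
from internet-sourced connections, and lists the internal hosts that
accepted ADB sessions. Log format, addresses and network ranges are
constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict

ADB_PORT = 5555

# Assumed internal address space; replace with your own allocations.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample lines in a generic key=value firewall/netflow style.
SAMPLE_LOG = """\
2019-08-28T09:12:01Z proto=tcp src=192.168.10.44:51522 dst=192.168.10.90:5555 action=allow
2019-08-28T09:12:05Z proto=tcp src=203.0.113.17:40011 dst=192.168.10.90:5555 action=allow
2019-08-28T09:12:07Z proto=tcp src=198.51.100.8:55001 dst=192.168.10.91:5555 action=allow
2019-08-28T09:12:09Z proto=tcp src=198.51.100.8:55002 dst=192.168.10.92:5555 action=deny
2019-08-28T09:12:11Z proto=tcp src=203.0.113.17:40012 dst=192.168.10.90:443 action=allow
2019-08-28T09:12:13Z proto=udp src=192.168.10.44:5555 dst=192.168.10.90:5555 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def adb_exposure(log_text):
    """Summarise allowed TCP/5555 connections found in the log text.

    Returns a dict with:
      internet_sourced: (src, dst) pairs for allowed ADB sessions from
                        addresses outside INTERNAL_NETS (investigate first)
      internal_sourced: (src, dst) pairs for allowed ADB sessions between
                        internal hosts (possible lateral ADB spread)
      listeners:        sorted internal hosts that accepted at least one
                        ADB connection, i.e. devices with ADB enabled
    """
    internet, internal = [], []
    listeners = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only completed TCP sessions to the ADB port are of interest;
        # denied attempts show scanning but not exposure.
        if rec["proto"] != "tcp" or rec["dport"] != ADB_PORT:
            continue
        if rec["action"] != "allow":
            continue
        pair = (rec["src"], rec["dst"])
        listeners[rec["dst"]] += 1
        if is_internal(rec["src"]):
            internal.append(pair)
        else:
            internet.append(pair)
    return {
        "internet_sourced": internet,
        "internal_sourced": internal,
        "listeners": sorted(listeners),
    }


if __name__ == "__main__":
    report = adb_exposure(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any host in `listeners` has ADB enabled and reachable; those that also appear as the destination of an `internet_sourced` pair are directly exposed and should have ADB disabled or be placed behind a firewall rule that blocks TCP/5555 at the perimeter. Internal-to-internal ADB sessions are worth a look as well, since a device that is already compromised can use the same port to reach its neighbours.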
Malicious CamScanner app
A recent report reveals that the widely used CamScanner app contained a trojan dropper named Trojan-Dropper.AndroidOS.Necro.n. The app has more than 100 million downloads worldwide. Google removed the app from its Play Store upon discovery. The trojan dropper bundled with the app is capable of installing malicious payloads and stealing targets’ data.
Retadup malware C2 servers taken down
Avast, along with the French National Gendarmerie, has taken down the command and control servers of Retadup malware. After gaining access to the infrastructure, they deleted the malware using specific commands. In this manner, they effectively disinfected over 850,000 Windows systems.
China Chopper
China Chopper is a web shell that was used in the massive ‘Operation Soft Cell’ campaign affecting telecommunication providers worldwide. The tool allows malicious actors to remotely control a target system. Researchers note that China Chopper has also been used by some state-sponsored actors such as Leviathan and Threat Group-3390.
Top Vulnerabilities Reported in the Last 24 Hours
Check Point patches a vulnerability
Check Point has patched a privilege escalation vulnerability discovered in its Endpoint Security Initial Client software for Windows. The flaw, tracked as CVE-2019-8461, can allow potential attackers to escalate privileges and execute malicious code using SYSTEM privileges. The flaw can also be abused to evade anti-malware detection by bypassing application whitelisting. Check Point has patched the flaw with the release of Endpoint Security Initial Client for Windows version E81.30.