Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 28, 2020

Malware authors are constantly developing existing malware to launch catastrophic attacks worldwide. A new variant of Lemon_Duck cryptomining malware that is capable of infecting Linux systems has come to light in the last 24 hours. The variant includes an exploit for an SMBGhost flaw affecting Windows systems and is capable of targeting servers running Redis and Hadoop instances.

A new Anubis info-stealing trojan was also spotted in the wild. The trojan, which borrows its code from Loki malware, is capable of stealing system information.

Researchers also demonstrated a new attack technique that can enable attackers to make fraudulent purchases using contactless VISA cards. The attack relies on a tool called Tamarin, developed by the researchers.

Top Breaches Reported in the Last 24 Hours

NCR Corporation attacked

NCR Corporation was infected by the Lethic trojan that is capable of remote access, lateral movement, and downloading additional payloads. The incident poses a potential supply chain risk to the customers associated with the popular point-of-sale and ATM software developer.

Valley Health Systems affected

Valley Health Systems has been attacked by REvil ransomware. Following the attack, the healthcare organization lost information related to its clients, employees, and patients.

Top Malware Reported in the Last 24 Hours

New Variant of Lemon_Duck malware

A new variant of Lemon_Duck cryptomining malware has been found targeting Linux machines via SSH brute force attacks. The new variant also exploits an SMBGhost bug in Windows systems and is able to target servers running Redis and Hadoop instances. To make sure that it survives between system reboots, this new malware variant gains persistence by adding a cron job.

New Anubis trojan

Microsoft has detected a new piece of malware, called Anubis, in the wild. It draws code from Loki malware. The malware is designed to steal information from infected Windows systems.

Top Vulnerabilities Reported in the Last 24 Hours

New attack technique

Researchers have discovered an attack technique that can be used to bypass PIN codes for VISA contactless payments. The attack can be executed using four components: two Android phones, a special app called Tamarin, and a VISA contactless card. If abused in the real world, the attack can allow criminals to make fraudulent purchases by impersonating the owner.
