
Cyware Daily Threat Intelligence

Daily Threat Briefing Dec 11, 2017

Top Malware Reported in the Last 24 Hours

Napoleon ransomware
This file-encrypting ransomware, earlier known as Blind, has recently been identified using a .napoleon extension. Along with some additional changes, it carries a bug fix that means files can no longer be decrypted by victims. Once it has infiltrated a system, the ransomware checks the privileges with which it runs; if it has sufficient privileges, it deletes shadow copies.

Esif.exe CPU miner
Esif.exe CPU Miner, classified as a Potentially Unwanted Program (PUP), is reported to exist in a corrupted version that is found on compromised machines. The Esif.exe CPU Miner is a program used to perform the complex calculations that verify the exchange of a cryptocurrency called Bitcoin (BTC).

Java file extension ransomware
The file-encoder Trojan identified by its java file extension is a modified version of a threat called Dharma ransomware. The ransomware features minimal changes to the code, but the payload is released in new packaging with new IP addresses and email accounts. The malware is delivered through macro-enabled documents that lure unsuspecting users into loading a weaponized macro script.

Top Vulnerabilities Reported in the Last 24 Hours

Android vulnerability
The Android vulnerability known as Janus (CVE-2017-13156) allows attackers to modify the code of Android apps without affecting their signature, which lets them distribute malicious updates for legitimate apps. An attacker can leverage this issue to obtain sensitive information, execute arbitrary code or gain elevated privileges.
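Janus works because a single file can be read as a DEX executable from its start and as a zip archive (the APK) from its end, so a JAR-style (v1) signature check over the archive entries never sees the prepended code; apps verified under APK Signature Scheme v2, which covers the whole file, are not affected. The following is an added example written for this briefing, not code from Cyware or from the Android project: a small Python triage check that flags files which begin with a DEX header yet still carry a zip central directory, using constructed sample bytes rather than any real app.

```python
import io
import zipfile

# DEX files start with "dex\n" followed by a 3-digit version and NUL (e.g. "035\0").
DEX_MAGIC_PREFIX = b"dex\n"
# A well-formed zip/APK starts with a local file header signature.
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def classify(data: bytes) -> str:
    """Return 'apk', 'dex', 'dex-apk-hybrid' or 'unknown' for a file blob.

    zipfile.is_zipfile() locates the end-of-central-directory record from the
    END of the data, which is exactly how the platform's zip parser finds the
    APK contents. A blob that a DEX loader accepts (DEX magic at offset 0) and
    that a zip parser also accepts is the Janus-style shape worth flagging.
    """
    starts_dex = data.startswith(DEX_MAGIC_PREFIX)
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if starts_dex and is_zip:
        return "dex-apk-hybrid"
    if starts_dex:
        return "dex"
    if is_zip and data.startswith(ZIP_LOCAL_HEADER):
        return "apk"
    return "unknown"


def build_sample_apk() -> bytes:
    """Constructed fixture: a tiny zip with APK-like entry names (no real bytecode)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed placeholder, not real bytecode")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def build_hybrid_sample() -> bytes:
    """Constructed fixture: a bare DEX magic/version header glued in front of the zip."""
    fake_dex_header = b"dex\n035\x00" + b"\x00" * 24
    return fake_dex_header + build_sample_apk()


if __name__ == "__main__":
    for label, blob in (("apk", build_sample_apk()), ("hybrid", build_hybrid_sample())):
        print(f"{label}: {classify(blob)}")
```

Scanning an app update feed with this check is a cheap way to catch the hybrid shape before a device ever installs it; it is a triage heuristic, not a replacement for verifying the v2 signature.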

Internet security alert
The 'Internet Security Alert! Code: 055BCCAC9FEC' pop-up windows are not legitimate security warnings from Microsoft Corp., despite their appearance. The alert warns the user of the presence of a virus on their system and displays a Windows Technical Support number to call. The warning is generated by browser extensions that are promoted through untrusted domains.

OpenSSL read/write error
The flaw is related to an "error state" mechanism introduced in OpenSSL 1.0.2b. The mechanism is designed to trigger an immediate failure if there is an attempt to continue a handshake after a fatal error has occurred.