Cyware Daily Threat Intelligence

Daily Threat Briefing Dec 11, 2018

Top Breach Incidents Reported in the Last 24 Hours

Quincy City Hall email system hacked

Quincy City Hall was hit by a cyber-attack in which the entire email system was infected with the Emotet Trojan. The compromised email accounts were then used in an ongoing phishing campaign, with the malware spreading by sending out malicious attachments labeled as invoices. The computing systems of the Norfolk County city were offline for five days as a result.

North Bend city ransomware attack

Recently, the City of North Bend was hit by a ransomware attack targeting the city’s computer systems. The attack locked city workers out of their computers and databases. The city authority received a ransom note demanding $50,000 in Bitcoin to unlock the systems. The attackers behind this scheme mainly targeted the North Bend Police Department.

Cape Cod College hit by hackers

Attackers targeted Cape Cod Community College and stole more than $800,000 from the school’s bank accounts. Computers on the college campus were compromised via a phishing attack, and a malware payload was dropped to steal banking information.

Google+ API bug leak

Google’s social media platform Google+ potentially exposed the personal information of 52.5 million users. The breach was caused by a security flaw in the Google+ API. The exposed data includes names, email addresses, occupations, usernames, display names, gender, and dates of birth.

Top Malware Incidents Reported in the Last 24 Hours

Lucky ransomware spotted

Lucky, a variant of the Satan ransomware, is spreading via several vulnerabilities in Windows and Linux server platforms. The malware spreads on its own with no human interaction, exploiting known flaws in Windows SMB, JBoss, WebLogic, Apache Struts 2, and Spring Data Commons. The ransomware encrypts files and appends the ‘.lucky’ extension to the encrypted files.
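The one host-level artifact the briefing gives for Lucky is the ‘.lucky’ extension appended to encrypted files, and self-spreading ransomware typically renames many files within seconds. The following detection logic is an added example, not code from Cyware or any vendor: it runs a sliding-window count of renames to a given extension per host over file-event log lines. The log format and every event in `SAMPLE_EVENTS` are constructed for the demo; only the extension comes from the briefing.

```python
"""Flag hosts where many files gain a ransomware extension in a short window.

Added example for the Lucky item above; the 'timestamp key=value ...' log
format and the sample events are constructed, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed file-event lines: web01 steadily renames files to *.lucky,
# db02 performs one ordinary rename and one isolated *.lucky rename.
SAMPLE_EVENTS = """\
2018-12-11T09:14:02Z host=web01 op=rename src=/var/www/index.html dst=/var/www/index.html.lucky
2018-12-11T09:14:03Z host=web01 op=rename src=/var/www/app.js dst=/var/www/app.js.lucky
2018-12-11T09:14:03Z host=db02 op=rename src=/home/ops/notes.txt dst=/home/ops/notes.txt.bak
2018-12-11T09:14:04Z host=web01 op=rename src=/var/www/style.css dst=/var/www/style.css.lucky
2018-12-11T09:14:05Z host=web01 op=rename src=/etc/motd dst=/etc/motd.lucky
2018-12-11T09:14:06Z host=web01 op=rename src=/srv/data.db dst=/srv/data.db.lucky
2018-12-11T09:20:00Z host=db02 op=rename src=/tmp/x dst=/tmp/x.lucky
"""


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict with a UTC 'ts'."""
    ts_text, _, rest = line.partition(" ")
    event = {
        "ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    }
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_extension_burst(lines, ext=".lucky", threshold=5, window_seconds=60):
    """Return one alert per host whose renames to `ext` reach `threshold`
    inside any sliding window of `window_seconds`. Events must be in time order."""
    recent = defaultdict(deque)  # host -> timestamps of matching renames in window
    alerted = set()
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_event(line)
        if ev.get("op") != "rename" or not ev.get("dst", "").endswith(ext):
            continue
        host = ev.get("host", "?")
        q = recent[host]
        q.append(ev["ts"])
        # Drop timestamps that have fallen out of the window.
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and host not in alerted:
            alerted.add(host)
            alerts.append({
                "host": host,
                "count": len(q),
                "first": q[0].isoformat(),
                "last": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_extension_burst(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT {a['host']}: {a['count']} renames to .lucky "
              f"between {a['first']} and {a['last']}")
```

On the sample data only `web01` trips the threshold; the single `.lucky` rename on `db02` stays below it, which is the point of counting bursts rather than individual extension matches. The threshold and window are parameters so the same function can be tuned per environment or reused for other extensions.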

Cloudera Hadoop flaws exploited

Two new strains of malware, Xbash and DemonBot, are targeting Apache Hadoop servers for Bitcoin mining and DDoS purposes. They aggressively scan the internet for Hadoop clusters that are reachable from the Internet and do not use Kerberos authentication. The weakness lies in configuration rather than in a software bug: the attack techniques are not sophisticated and rely on known exploits against servers that are directly exposed to the open internet with Kerberos authentication disabled. Administrators should therefore enable Kerberos authentication so that only properly authenticated, authorized users can reach privileged cluster operations.
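The exposure described above is a setting, so the useful check is a configuration audit. The script below is an added example, not Cyware’s or Apache Hadoop’s code: it parses a `core-site.xml` and flags the two settings that decide whether a cluster trusts whatever username a client presents. The property names `hadoop.security.authentication` and `hadoop.security.authorization` are real Hadoop settings; the two XML documents and the hostname in them are constructed for the demo.

```python
"""Audit a Hadoop core-site.xml for the open-cluster exposure described above.

Added example, not from Cyware or Apache Hadoop. The XML samples are
constructed; the property names are real Hadoop configuration keys.
"""
import xml.etree.ElementTree as ET

# Constructed sample: an out-of-the-box cluster. "simple" authentication
# trusts the client-supplied username, and authorization is left at its
# default (off), so anyone who can reach the service is a valid user.
WEAK_CORE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://namenode.example.internal:8020</value>
  </property>
  <property>
    <name>hadoop.security.authentication</name>
    <value>simple</value>
  </property>
</configuration>
"""

# Constructed sample: the same cluster with Kerberos authentication and
# service-level authorization switched on.
HARDENED_CORE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://namenode.example.internal:8020</value>
  </property>
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
  </property>
  <property>
    <name>hadoop.security.authorization</name>
    <value>true</value>
  </property>
</configuration>
"""

# name -> (required value, value Hadoop assumes when the property is absent).
# A missing property is treated as its insecure default, so absence is a finding.
REQUIRED = {
    "hadoop.security.authentication": ("kerberos", "simple"),
    "hadoop.security.authorization": ("true", "false"),
}


def parse_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml file."""
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.iter("property"):
        name = prop.findtext("name")
        value = prop.findtext("value")
        if name is not None:
            props[name.strip()] = (value or "").strip()
    return props


def audit_core_site(xml_text):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(xml_text)
    findings = []
    for name, (wanted, default) in REQUIRED.items():
        actual = props.get(name, default)
        if actual.lower() != wanted:
            findings.append(f"{name}={actual!r} (expected {wanted!r})")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_CORE_SITE), ("hardened", HARDENED_CORE_SITE)):
        print(label, audit_core_site(doc) or "OK")
```

Run against a real deployment, `audit_core_site` would take the contents of the cluster’s `core-site.xml`; treating a missing property as its insecure default matters because a fresh install omits both keys and is therefore open. Enabling these settings is the configuration side of the fix; the briefing’s other point, not exposing the cluster directly to the internet, is a network control this script does not check.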

Top Vulnerabilities Reported in the Last 24 Hours

Novidade EK spotted

A new exploit kit, called Novidade, targets home and small-office routers by changing their DNS settings via cross-site request forgery (CSRF). The altered DNS settings enable attacks on a victim’s mobile device or desktop through web applications. The EK can be delivered via malvertising, compromised-website injection, and instant messengers. Users are advised to change their router’s default IP address and disable remote-access features.

Side channel attacks target messaging apps

Three popular messaging apps, WhatsApp, Telegram, and Signal, are affected by side-channel attacks that compromise user privacy despite the apps’ end-to-end encryption. Attackers use the UI framework, file storage model, group enrollment, and other mechanisms as attack vectors. One flaw, tracked as CVE-2018-1000136, exists in the Electron framework, which both WhatsApp and Signal use to build their user interfaces, and allows anyone to execute code remotely.