
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 8, 2020

The detection of new malware samples indicates how quickly cyber threats are evolving. In the past 24 hours, security researchers have spotted two new malware families capable of wreaking massive havoc in organizations worldwide: LiquorBot and SNAKE ransomware. LiquorBot is a Mirai-inspired botnet that incorporates Monero cryptocurrency mining features, while SNAKE ransomware uses a much higher level of obfuscation to evade detection. Once installed, the ransomware kills several processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.

In a major security update, Google’s January 2020 Android security bulletin has issued fixes for 40 vulnerabilities affecting multiple components. Of these, 33 flaws exist in the Kernel, Qualcomm, and Qualcomm closed-source components, and seven affect Framework, Media framework, and System.

Top Breaches Reported in the Last 24 Hours

Focus Camera website compromised

The website of the photography and imaging retailer Focus Camera was hacked last year by Magecart attackers. To hide the malicious traffic, the attackers registered a fake domain, ‘zdsassets.com’, that resembles the legitimate domain ‘zdassets.com’. The attackers injected malicious code into the website to steal customers’ payment card details.

Alomere Health affected

Minnesota-based hospital operator Alomere Health has issued a data breach notice for an incident that may have impacted nearly 50,000 patients. The incident occurred after a malicious actor gained access to two employees’ email accounts in late October and early November. The compromised data includes names, addresses, dates of birth, medical record numbers, health insurance information, and diagnosis and treatment details.

Top Malware Reported in the Last 24 Hours

LiquorBot

LiquorBot is a new Mirai-inspired botnet that is still under development. The botnet, which is written in Go, incorporates Monero cryptocurrency mining features. It spreads through SSH brute-forcing or by exploiting unpatched vulnerabilities in selected router models. LiquorBot targets a wide range of CPU architectures, from ARM and ARM64 to x86, x64, and MIPS.

SNAKE ransomware

SNAKE is a newly discovered ransomware written in Go that uses a much higher level of obfuscation to evade detection. Once installed, the ransomware removes the computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. When encrypting a file, it appends a random five-character string to the file’s extension.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft’s information disclosure flaw

An information disclosure vulnerability affecting Microsoft Access can cause sensitive data from system memory to be unintentionally saved in database files. The flaw, tracked as CVE-2019-1463, affects Office 2010, 2013, 2016, 2019, and 365 ProPlus. The vulnerability, also dubbed ‘MDB Leaker’, was fixed in December 2019.

Google patches 40 flaws

Google has released patches for 40 vulnerabilities in the first Android security bulletin for 2020. The patches include a fix for a critical flaw in the Media framework. Apart from this, fixes have been issued for 33 flaws affecting Kernel, Qualcomm, and Qualcomm closed-source components.

Top Scams Reported in the Last 24 Hours

Microsoft phishing scam

An attacker is taking advantage of the recent warnings about possible Iranian cyberattacks in an attempt to collect Microsoft login credentials. The email, which pretends to be from ‘Microsoft MSA’, carries the subject line ‘Email user hit by Iran cyber attack’. The email goes on to say that, in response to this attack, Microsoft was forced to protect its users by locking their email and data on Microsoft’s servers. To regain full access to this locked data, the phishing email prompts recipients to log in to their account by clicking a ‘Restore Data’ button. This redirects to a phishing landing page disguised as a Microsoft login form.
