Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 18, 2019
Top Breaches Reported in Last 24 Hours
Click2Gov data breach
A data breach of a third-party online payment system has compromised the personal data of Hanover County residents. County officials disclosed that an unauthorized person stole credit card information processed by the Click2Gov payment portal between August 1, 2018 and January 9, 2019. The information exposed in the breach includes customer names, credit card numbers and expiration dates. The county learned of the breach from a group that monitors internet websites for exposed credit card information. In response to the incident, the county has isolated access to the Click2Gov website and is investigating the matter.
Top Malware Reported in Last 24 Hours
NanoCore RAT variant
A malicious MS Word document titled “eml_-_PO20180921.doc” is being used to distribute a new variant of NanoCore, version 1.2.2.0. The document contains auto-executing malicious VBA code. Once the document is opened, the VBA code downloads an EXE file and saves it as “%temp%\CUVJN.exe”.
West African banks attacked
Banks and financial institutions located in Cameroon, Congo (DR), Ghana, Equatorial Guinea, and Ivory Coast have suffered a wave of attacks since at least mid-2017. The attacks were conducted using off-the-shelf, commodity malware such as Cobalt Strike, Imminent Monitor RAT, NanoCore RAT, Remote Manipulator System RAT, and Mimikatz.
New Cryptomining malware
New cryptomining malware that is capable of uninstalling cloud security protections has been discovered by security researchers. The threat actor behind the malware is Rocke. The malware comes with a built-in evasion technique and specifically targets public cloud infrastructure.
Top Vulnerabilities Reported in Last 24 Hours
ES File Explorer flaw
The ES File Explorer app is vulnerable to a serious flaw that can let someone on the same Wi-Fi network download or steal files from your phone. The app has over 100 million downloads worldwide. According to researchers, ES File Explorer launches an HTTP server on port 59777. Attackers can send a JSON payload to that port and use it to obtain information about the apps and files on the user's device.
Ghostscript vulnerability
A vulnerability in Artifex Ghostscript in versions prior to 9.26 can allow remote attackers to bypass the intended access restrictions. Tracked as CVE-2018-19475, the vulnerability allows for unauthenticated disclosure of information, modification of data and disruption of services. It is of medium severity and requires no privileges to exploit.
Windows Zero-Day Bug
Acros Security has released a micropatch for a zero-day bug discovered in Windows. The bug can allow attackers to overwrite files with arbitrary data. The micropatch works for 64-bit Windows 10 version 1803. Users who require a variant for other Windows versions are urged to contact the company.