
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 3, 2018

Top Malware Reported in the Last 24 Hours

SmokeLoader malware
A new version of the SmokeLoader malware has been discovered by security researchers from Cisco Talos. This new version has been seen using the PROPagate injection technique for the first time. The campaign spreads through malicious email attachments: a Word document with an embedded macro.

Malware in Fortnite cheating app
A new malware that has been used to launch Man-in-the-Middle (MitM) attacks has been discovered in Fortnite cheating apps. These apps provide the software that allows players to cheat at the game. The app, now removed, had over 78,000 downloads and it may be hosted in multiple locations.

Nozelesn ransomware
A ransomware that encrypts a user's files and appends the .nozelesn extension has been discovered targeting Poland. After infecting a system, it creates a ransom note that contains instructions on how to log in to a TOR payment server at lyasuvlsarvrlyxz[.]onion to receive instructions.

Top Vulnerabilities Reported in the Last 24 Hours

Facebook bug
A vulnerability has been detected in Facebook that affected more than 800,000 users. The bug allowed blocked users to check published posts and also send messages through Messenger. The bug was reportedly active between May 29 and June 5. Facebook fixed the issue.

Authentication bypass bug in Dell
A new flaw, tracked as CVE-2018-11052, has been discovered affecting Dell EMC ECS versions 3.2.0.0 and 3.2.0.1. This authentication bypass flaw can potentially be exploited by malicious users to compromise the affected ECS system. Customers are advised to apply the patch by opening a Dell EMC ECS service request.

DeepLink Element in Windows 10
An infection vector has been discovered by researchers that allows attackers to embed a specially crafted settings file into an Office document. Attackers can thus trick a user into running malicious code without any further warning or notification. This allows shell command execution via a file open step.
