Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 13, 2018
Top Malware Reported in the Last 24 Hours
**Dorkbot malware resurfaces**
The Dorkbot banking trojan is back from an extended hiatus. The malware was found targeting Skype, Facebook, and Twitter users. Dorkbot has been upgraded to steal users' credentials using a new code injection technique called 'Early Bird'. The malware also comes with remote code execution features allowing hackers to steal banking data.
**DrupalGangster malware campaign**
A new malware campaign has been uncovered that leverages the Drupalgeddon 2.0 vulnerability to conduct remote command injection attacks, infecting victims with an XMRig-based cryptocurrency miner that mines Monero. This allows the attackers to build a Monero-mining botnet; the hackers behind the campaign have already raked in $11,000.
**GoldenCup malware campaign**
Security researchers have uncovered a new spy campaign targeting World Cup fans. The malware masquerades as a fake sporting app on the official Google Play Store. The spyware steals victims' phone numbers, app data, device model, manufacturer, device ID, Android version, IMEI and IMSI.
Top Vulnerabilities Reported in the Last 24 Hours
**Tor use-after-free bug**
A use-after-free vulnerability was discovered in the Tor browser. The bug can allow attackers to compromise a system by triggering a denial-of-service condition. Patches for this flaw have already been issued, and users are advised to upgrade to the latest version of the Tor browser.
**Aurora vulnerability**
A new vulnerability affecting the energy sector has been uncovered. The Aurora flaw has been used by hackers in attacks targeting power grids. It allows attackers to disconnect and reconnect a generator from the power grid, which in turn puts immense pressure on the generator's rotors. The flaw can therefore damage the generator and shut down a power grid.
**FTP buffer overflow flaw**
The core FTP contains a vulnerability that can allow hackers to leak kernel memory. The flaw exists in the rmsock command in IBM AIX and can allow attackers to cause a denial-of-service (DoS) condition. Patches that address the flaw have been issued, and users are advised to upgrade to the latest version immediately.
**macOS vulnerability**
Apple products contain a code execution vulnerability that can allow hackers to trigger a cross-origin access error and steal audio data.
Top Breaches Reported in the Last 24 Hours
**Ukraine thwarts an attempted cyberattack**
Hackers attempted to infiltrate the networks of a Ukrainian chlorine station, LLC Aulska, using the VPNFilter malware. Ukraine's security service said that the attack, which was aimed at destroying the water treatment facility, was detected and stopped.
**Healthcare data breach**
MedEvolve, an Arkansas-based practice management software provider, confirmed that one of its clients, Premier Immediate Medical Care, was hit by a data breach that may affect 200,000 current and former patients. Names, billing addresses, telephone numbers, primary health insurers, and the Social Security numbers of some of the patients are believed to have been accessed by the attackers.
**Thomas Cook Airlines breach**
Thomas Cook Airlines inadvertently exposed the names, email addresses, and flight details of its customers. The breach was caused by an Insecure Direct Object Reference (IDOR) flaw, a weakness commonly found in poorly designed web applications. The bug remained hidden in the firm's network for years.
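As an added illustration of the IDOR weakness named in the item above (example code written for this briefing, not code from Thomas Cook Airlines or any real booking system; the `BOOKINGS` store, the user and booking ids, and the `flag_enumeration` heuristic are constructed assumptions), the block below shows a record lookup that trusts a client-supplied id beside a hardened version that binds the lookup to the authenticated user, and then runs a simple detection pass over a constructed access log to spot a user walking the id space.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Booking:
    booking_id: int
    owner_id: int        # customer account that made the booking
    passenger_name: str
    email: str
    flight: str


# Constructed sample data standing in for a bookings table (hypothetical values).
BOOKINGS = {
    1001: Booking(1001, 7, "A. Example", "a@example.test", "XX101"),
    1002: Booking(1002, 8, "B. Example", "b@example.test", "XX202"),
    1003: Booking(1003, 8, "C. Example", "c@example.test", "XX303"),
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def get_booking_vulnerable(session_user_id: int, booking_id: int) -> Booking:
    """IDOR pattern: the record is fetched purely by the client-supplied id.
    The authenticated user is never consulted, so any logged-in user can read
    any booking just by changing the id in the request."""
    return BOOKINGS[booking_id]


def get_booking_fixed(session_user_id: int, booking_id: int) -> Booking:
    """Hardened lookup: the id still comes from the client, but the server
    checks that the record belongs to the authenticated principal. A missing
    record and a foreign record raise the same error so the response does not
    reveal which ids exist."""
    booking = BOOKINGS.get(booking_id)
    if booking is None or booking.owner_id != session_user_id:
        raise Forbidden(f"booking {booking_id} is not available to user {session_user_id}")
    return booking


def can_view(session_user_id: int, booking_id: int) -> bool:
    """Boolean wrapper around the hardened lookup, handy for policy checks."""
    try:
        get_booking_fixed(session_user_id, booking_id)
    except Forbidden:
        return False
    return True


def flag_enumeration(access_log, threshold: int = 3):
    """Detection heuristic over (user_id, requested_booking_id) pairs: a user
    who requests `threshold` or more distinct bookings that are not theirs is
    probably walking the id space. Ownership is re-derived from the data, so
    the check works on logs from either lookup variant."""
    foreign_ids = defaultdict(set)
    for user_id, booking_id in access_log:
        booking = BOOKINGS.get(booking_id)
        if booking is None or booking.owner_id != user_id:
            foreign_ids[user_id].add(booking_id)
    return sorted(u for u, ids in foreign_ids.items() if len(ids) >= threshold)


# Constructed access log: user 7 reads their own booking; user 9 requests
# sequential ids, none of which belong to them.
SAMPLE_ACCESS_LOG = [(7, 1001), (9, 1000), (9, 1001), (9, 1002), (9, 1003), (9, 1004)]

if __name__ == "__main__":
    print("vulnerable lookup, user 9 reads booking 1001:", get_booking_vulnerable(9, 1001).email)
    print("hardened lookup, user 9 may view 1001:", can_view(9, 1001))
    print("hardened lookup, user 7 may view 1001:", can_view(7, 1001))
    print("users flagged for id enumeration:", flag_enumeration(SAMPLE_ACCESS_LOG))
```

The fix is an authorization decision at the point of data access, not input validation: the id may be well-formed and exist, and the request is still refused unless the record belongs to the session's principal. Logging denied lookups per user, as the heuristic does here, gives the SOC a signal long before the years-long exposure described above.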