Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 17, 2018

Top Malware Reported in the Last 24 Hours

**Magniber ransomware**
Cybercriminals have upgraded the Magniber ransomware variant with various obfuscation techniques. The ransomware has also expanded its target base, going after users in various Asia Pacific nations. Security researchers have observed Magniber infections in Hong Kong and Taiwan. Magniber's new variant uses the Internet Explorer VBScript engine vulnerability instead of relying on the C2 server of hard-coded encryption keys to propagate.

**Dorkbot banking trojan**
The Dorkbot banking trojan has been upgraded with a new code injection technique called Early Bird. The malware was previously used by hackers to target Skype, Facebook and Twitter users. The malware allows attackers to conduct remote code execution attacks to steal sensitive banking data.

**DrupalGangster malware**
The DrupalGangster malware was spotted targeting web servers vulnerable to the Drupalgeddon 2.0 bug. The malware allows attackers to conduct a command execution attack, exploiting the Drupalgeddon 2.0 flaw to grow a botnet and deliver a Monero miner.

Top Vulnerabilities Reported in the Last 24 Hours

**GitList argument injection flaw**
GitList contains a vulnerability that exposes it to argument injection attacks. The bug was caused by GitList improperly validating input using the PHP function `escapeshellarg`. The flaw could allow hackers to inject data or command syntax to change the state of a targeted application. Patches are available for this bug. Users are advised to upgrade to the latest version of the software.

**Microsoft Edge memory corruption bugs**
Microsoft Edge contains multiple memory corruption bugs. The vulnerabilities exist due to improper handling of objects in memory. If exploited, the bugs could allow hackers to view, alter or delete data, install programs and create new accounts. Users are advised to upgrade to the patched version of the software.

**VMware out-of-bounds read flaw**
A high-severity vulnerability has been discovered in the VMware Tools Host-Guest File System (HGFS) driver. The out-of-bounds read flaw can allow attackers to gain elevated privileges or access sensitive information on a targeted virtual machine. Patches are available for this issue. It is highly recommended that users upgrade to the fixed version of the software.

Top Breaches Reported in the Last 24 Hours

**Telefonica breach**
Spanish telecommunications provider Telefonica was hit by a data breach. The breach exposed the personal and financial information of millions of Spanish Movistar users, including landline and mobile numbers, national ID numbers, addresses, banks, names, records of calls and more.

**Dahua breach**
Passwords of thousands of Dahua DVRs have been exposed. The login credentials were cached by the IoT search engine ZoomEye and leaked on the internet. Hackers exploited a five-year-old flaw to steal a targeted device's serial number, settings, and passwords. Access to this data can allow attackers to remotely log in and spy on victims.

**Mega data breach**
New Zealand file storage service Mega suffered a data breach after thousands of user account credentials were leaked online. The breach exposed 15,500 usernames, passwords, and more. Most of the credentials exposed in this breach had already been exposed in previous breaches, given that the credentials were accessed via credential stuffing.