Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 24, 2018

Top Malware Reported in the Last 24 Hours

**Shrug ransomware**
The newly discovered Shrug ransomware could have been devastating, given that it is capable of locking the screen and disabling keyboard and mouse events. The ransomware's authors inadvertently left the decryption keys, which were completely unencrypted, in the malware registry, allowing victims to recover their data without paying a ransom.

**Satori malware**
Cybercriminals have been using open Android Debug Bridge (ADB) ports to distribute a potential Satori malware variant to Android devices. The first wave of attacks came from the US and China, while the second wave came from Korea. Security researchers also discovered that over 48,000 IoT devices are vulnerable to ADB exploitation.

**Red Alert 2.0 malware**
A new campaign has been discovered delivering the Red Alert 2.0 malware. The malware is capable of gaining device administrative privileges and can also lock the screen, remove passwords and more. The banking malware surreptitiously works in the background while targeting a list of banks.

Top Vulnerabilities Reported in the Last 24 Hours

**Sony Camera bugs**
Multiple vulnerabilities have been discovered in Sony's IPELA E Series Network Cameras. The first is a command injection flaw while the second is a stack buffer overflow bug. The vulnerabilities could allow attackers to launch remote code execution attacks and steal sensitive data. Patches are available. Users are advised to update to the latest version.

**Bluetooth bug**
A bug has been discovered in the Bluetooth firmware or OS software drivers. The flaw allows attackers to replace the public keys used during device pairing by injecting invalid keys. The flaw could allow attackers to intercept and decrypt and/or forge and inject device messages.

**Denial of Service flaws**
The Apache Tomcat server contains several vulnerabilities that could allow attackers to cause denial of service (DoS) conditions. One of the vulnerabilities is an information disclosure issue, while under the other flaw, hostname verification was missing when using TLS with the WebSocket client.

Top Breaches Reported in the Last 24 Hours

**Oracle WebLogic servers attacked**
Cybercriminals targeted Oracle WebLogic servers by taking advantage of vulnerable systems that have not been patched for a critical flaw. The bug allows attackers to gain control of the entire server without having access to the server's password. Patches for this issue are available. Users are advised to update their servers immediately to stay safe from such attacks.

**US power networks attacked**
In 2017, Russian hackers targeted US electric networks. According to federal authorities, the hackers, who are connected to the state-sponsored hacker group Dragonfly (aka Energetic Bear), gained access to utility networks and stole sensitive credentials. The attackers broke into air-gapped or isolated networks owned by utilities with relative ease.
