Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 26, 2018
Top Malware Reported in the Last 24 Hours
**Parasite HTTP RAT**
Security researchers have discovered a new remote access tool (RAT) called Parasite HTTP, which is currently being sold by cybercriminals on the dark web. The malware comes packed with various features, including state-of-the-art detection-evading capabilities. So far, the Parasite RAT has been observed in a small phishing email campaign targeting the healthcare, IT and retail sectors.
**MDM malware attack**
The malicious MDM malware campaign targeting iPhone users in India may be much larger than previously expected. Security researchers suspect that the cybercriminal behind the campaign is likely located in India. The campaign targets not just iOS users but also Windows users. Researchers also discovered that the MDM's security posture has been improved. The campaign continues to make use of fake WhatsApp and Telegram apps to distribute malware to victims.
Top Vulnerabilities Reported in the Last 24 Hours
**Pizza Hut website bug**
A vulnerability was discovered in Pizza Hut's website. The flaw allowed anyone with a Pizza Hut account to access customer information, such as names, delivery addresses and contact information. The vulnerability was discovered in the system of an unnamed third-party vendor, who managed Pizza Hut's online store.
**Privilege escalation flaw**
A vulnerability in the Network Manager VPNC plugin has opened it up to a privilege escalation attack. The bug allows attackers to execute arbitrary commands as root. A patch has been released to fix the issue. Users are advised to update to the latest version.
**Oracle Database Server bugs**
Multiple vulnerabilities have been discovered in the Oracle Database Server. The bugs include a deserialization flaw and a bug that impacts the Core DBMS component. The third flaw is an issue with Create Session, Create Procedure privileges. The bugs could allow attackers to compromise the systems. Users are advised to upgrade to the latest patched version.
Top Breaches Reported in the Last 24 Hours
**COSCO ransomware attack**
China-owned shipping giant COSCO reportedly suffered a destructive ransomware attack, which resulted in attackers compromising the firm's networks. The attack also saw several of the firm's US sites shut down. However, COSCO stated that the incident was caused by a local network breakdown. The shipping giant has warned its employees not to open any suspicious emails and urged its IT staff to conduct a complete scan of its networks.
**LifeLock data leak**
Symantec's identity-theft protection service LifeLock exposed millions of its customers' data. The breach was caused by a vulnerability in LifeLock's website, which has since been fixed. However, the flaw could have allowed cybercriminals to harvest the exposed data and use it to launch phishing attacks.
**Sias data breach**
The Securities Investors Association (Singapore), or Sias, acknowledged that it suffered a breach in 2013, which affected 70,000 members. The breach was caused by Sias website flaws and allowed attackers to steal home addresses, email addresses, and mobile and landline numbers. The firm has since taken the website offline and is working on developing a new one.