Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 1, 2018
Top Malware Reported in the Last 24 Hours
NavRAT
A malicious Hangul Word Processor (HWP) document is targeting Korean users, downloading the remote access trojan called NavRAT. Hackers are using spear phishing emails with an Encapsulated PostScript (EPS) object in order to execute malicious shellcode on the victims' systems. The RAT uses a process injection method to avoid detection.
Sigrun ransomware
Sigrun ransomware has been spotted providing free decryption services for Russian victims while charging a ransom payment of $2,500 in Bitcoin or Dash for everyone else. After infecting a system, it appends the .sigrun extension to the encrypted file's name and creates two ransom notes named RESTORE-SIGRUN.txt and RESTORE-SIGRUN.html. Users are asked to send an email to sigrun_decryptor@protonmail[.]ch for payment instructions.
DanaBot Trojan
A new banking trojan, going by the name DanaBot, has been discovered by security researchers. The trojan is using emails containing malicious URLs to trick users into downloading the malware. The server checks the victim's IP geolocation, and the payload is delivered only if the victim is in Australia.
Top Vulnerabilities Reported in the Last 24 Hours
Rig's Seamless campaign
Security researchers have identified Rig's Seamless campaign adding more layers before the actual landing page. Rig is exploiting CVE-2018-8174, a remote code execution vulnerability, to integrate cryptocurrency-mining malware as its final payload. Employ application control to mitigate unauthorized access and stay safe.
Apple releases security patches
Apple released the iOS 11.4 update to fix the black dot bug, a technical glitch where messages appear out of order and where there are log-in problems with Google Drive, Docs, and Gmail. Getting a text message with these characters freezes the Messages app. Check for the update in the Settings app, under General -> Software Update.
Huawei provides patches for high severity bugs
Patches for four high severity bugs have been released by Huawei Technologies. The critical bugs include an authentication bypass vulnerability, privilege escalation vulnerability and two JavaScript Object Notation (JSON) injection vulnerabilities. Huawei also patched three other JSON injection vulnerabilities, rated high in severity.