
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 19, 2018

Top Malware Reported in the Last 24 Hours

HeroRAT
A new family of Android RAT (Remote Access Trojan) has been discovered by security researchers. Dubbed HeroRat, the trojan has been abusing the Telegram protocol for command and control and data exfiltration. The malware is using third-party app stores, social media and messaging apps to spread itself.

Betabot Trojan
A new trojan, dubbed Betabot, has been spreading through a multi-stage attack. The trojan uses malicious Office documents to exploit CVE-2017-11882. Even though this bug was patched by Microsoft in late 2017, several systems are still vulnerable to it. The trojan uses several obfuscation techniques, including posing as a legitimate app, to trick users.

MuddyWater campaign
A new attack method, using malicious Word documents and PowerShell scripts, has been discovered by security experts at Trend Micro. The MuddyWater cyberespionage campaign is used to gather browsing history, exfiltrate passwords, read and write files, log keystrokes, and capture screenshots.

Top Vulnerabilities Reported in the Last 24 Hours

Google to patch authentication weakness
An authentication weakness impacting Google Home and Chromecast devices has been discovered. Google is going to release a patch for this weakness by mid-July 2018. Until then, users are advised to isolate their IoT devices by using a multi-router solution.

RCE Flaw in Microsoft COM for Windows
A remote code execution (RCE) flaw has been identified in Microsoft COM for Windows. By exploiting this vulnerability, hackers can use a specially crafted file or script to perform actions. The flaw is caused when Microsoft COM fails to properly handle serialized objects. A security patch has already been made available for this flaw.

UCMDB server vulnerable
A potential vulnerability, tracked as CVE-2018-6497, has been identified in UCMDB Server. The flaw affects Universal CMDB Server; DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0, and CMS Server 2018.05. Third-party security patches have been made available for this issue.
