Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 1, 2019
Top Breaches Reported in the Last 24 Hours
UN aviation agency conceals a serious hack
According to a report by Canada’s public broadcaster, the Montreal-based United Nations aviation agency kept silent about a hack that led to malware spreading throughout the airline industry. The attackers gained access to computers belonging to the agency in question, which gave them the passwords of more than 2,000 ICAO users. With those credentials they could read, send or delete emails. The attack occurred in November 2016.
Iranian hackers linked to Australian Parliament attack
A report from Los Angeles-based Resecurity has revealed that Iranian hackers are behind the recent attack on the Australian Parliament House. The attack, which occurred on February 8, 2019, is believed to be part of a multi-year cyberespionage campaign conducted by an Iranian-backed hacking group called Iridium. This threat actor group primarily targets organizations in Australia, Canada, New Zealand, the U.K. and the U.S. to steal sensitive and confidential information.
Top Malware Reported in the Last 24 Hours
Fake browser updates deliver malware
Security researchers have come across a new malicious campaign that leverages fake browser updates to deliver a variety of malware. The attackers inject either a link to an external script or the entire script into compromised web pages. The campaign targets Firefox, Chrome, Internet Explorer and Edge. When users visit a compromised page with any of these browsers, they are shown a message claiming to be an ‘Update Center’ for their browser type and asking them to install an update to avoid the loss of personal data.
PIK-Group targeted with a new malware
Security experts have come across a new malware family designed to target PIK-Group. The malware combines ransomware, Trojan and miner capabilities. Once installed, it brute-forces multiple sites looking for weak credentials. When it finds such credentials, it installs itself on the WordPress website, keeping its original name: “pik.zip”.
A new version of Qbot
A new version of the banking credential-stealing Qbot malware has been discovered recently. It retains the anti-analysis and polymorphic features of the original malware. Once installed on a network, the variant starts brute-forcing the accounts in the Active Directory Users group.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerability in Cobalt Strike
A previously unidentified flaw in the Cobalt Strike penetration testing tool is helping researchers expose the locations of thousands of malware command-and-control (C2) servers. The tool is frequently used by cybercriminals to host their C2 servers and deploy malware on company networks. According to researchers, the NanoHTTPD server underlying Cobalt Strike inadvertently added an extra space to the server's HTTP responses. This stray whitespace made it easy to spot Cobalt Strike communications between beacons and their C2 servers throughout the last year.
A flaw in Cisco routers
A critical flaw, tracked as CVE-2019-1663, has been found in the web-based management interface of some Cisco VPN routers and VPN firewalls. The flaw can allow attackers to execute arbitrary code on the affected device. Following the discovery, Cisco has released security patches for the affected devices, and users are advised to apply the updates as soon as possible.
A bug in the Mr. Coffee coffee maker
A critical vulnerability has been discovered in the Mr. Coffee coffee maker with Wemo. The bug can let a malicious actor intercept traffic from the device and even schedule the machine to brew coffee without the owner’s permission. The flaw lies in the way Wemo provides the device's connectivity.