
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 8, 2018

Top Malware Reported in the Last 24 Hours

Adwind RAT
Spoofed emails, disguised as important SWIFT messages, are being used by hackers to spread the cross-platform remote access trojan (RAT) Adwind. The RAT is configured to communicate with the hacker's C&C server. Once the communication is established, attackers can remotely access the file system to read, write or delete files.

FlawedAmmyy RAT
A previously undocumented RAT, called FlawedAmmyy, is being distributed through two massive email campaigns. The Trojan is based on leaked source code for version 3 of the Ammyy Admin remote desktop software. Users are advised not to open emails that come from strangers.

Dofoil Trojans
New variants of the Dofoil trojan, a.k.a. Smoke Loader, have been blocked by Windows Defender AV. The Trojan was found carrying coin miner payloads, which are used to mine NiceHash cryptocurrency.

Top Vulnerabilities Reported in the Last 24 Hours

Patch for Java Deserialization
Cisco has released new security updates for two critical vulnerabilities, including CVE-2018-0147 and CVE-2018-0141, among 20 other issues. These vulnerabilities have been patched in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch and Cisco Prime Collaboration Provisioning Software Releases 12.1 respectively.

Chrome 65 update
Chrome 65, which includes 45 security fixes developed via the developer channel versions, has been released by Google for Android, Mac, Windows, and Linux users. Chrome 65 for Android and others will be available for download through Google Play in the next few weeks.

Cisco Access Control Server is vulnerable
The Cisco Access Control Server (ACS) is found to be vulnerable to remote attacks. Hackers can gain access to the Web-based user interface of the Cisco Secure Access Control Server due to the CVE-2017-12354 flaw. The flaw results in improper handling of XML External Entities (XXEs) when parsing an XML file.
