
Cyware Daily Threat Intelligence


Daily Threat Briefing May 10, 2018

Top Malware Reported in the Last 24 Hours

**Ctrl+Inject technique**
Security researchers have found a new injection technique, named Ctrl+Inject, that attackers can use to hide malware inside CLI apps in order to bypass security protections. The technique abuses the Windows CtrlRoutine function.

BitKangaroo ransomware
Ransomware developers have come up with a new tactic to scare victims who refuse to pay the ransom, seen in an in-development ransomware named BitKangaroo. The ransomware encrypts the victim's files using AES-256 encryption and appends the .bitkangaroo extension to all of them. It then displays a 60-minute countdown, after which it deletes one encrypted file. Once the file is deleted, the timer is reset to 60 minutes.

**GandCrab ransomware**
Security researchers have recently found a series of compromised websites that are being used to deliver GandCrab ransomware. The malware is disguised as an online order named "Your Order # (Random Digit)". It contains a ZIP file which, when clicked, downloads the malicious macros and executes the ransomware.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft's May 2018 security update
Microsoft has released its security updates for May 2018 to address a number of vulnerabilities. The updates include patches for the remote code execution vulnerabilities CVE-2018-0959 and CVE-2018-0961 in Windows Hyper-V.

New tech support scam uncovered
Researchers have discovered a tech support scam, dubbed the Shoppers Stop tech scam, that compromised thousands of websites with malicious ad injections. In this attack, the user is redirected to a browser locker page that claims their computer is infected.

New attack vector discovered
A newly developed exploit that bypasses two-factor authentication has been discovered, and it can be used against any site. The attack proxies the user through the attacker's system, using a credentials phish that relies on a typosquatting domain.
