Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 3, 2017
Top Malware Reported in the Last 24 Hours
Zeus Panda Trojan
The banking trojan has been around for about a decade, although in different avatars. It has been found using emails as the delivery vector and inducing users of infected PCs to give up their credentials by performing 'web injects'. Typically, it has used fake forms to phish for user credentials. Users should be more careful and always confirm the legitimacy of a link before clicking it.
QtBot used to distribute malware
Security researchers have observed Necurs malspam campaigns distributing Microsoft Office documents that abuse Microsoft Dynamic Data Exchange (DDE). These documents then download an intermediate downloader, QtBot, which is used as a replacement for malicious VBScripts. The intermediate malware is known to download TrickBot and Locky ransomware.
Top Vulnerabilities Reported in the Last 24 Hours
Savitech USB Audio driver
The driver installation package installs a root CA certificate into the Windows trusted root certificate store. To complete the process, Savitech added the root certificate package for users along with the software bundle. However, this process was used on Windows XP and is no longer needed for later operating system versions. This could be misused by hackers to impersonate websites and other services. Users are encouraged to manually remove the certificate.
OpenSSL patches flaws
The two vulnerabilities, of low and medium severity, were discovered using Google's open source OSS-Fuzz fuzzing service. Both reported vulnerabilities, CVE-2017-3736 (medium severity) and CVE-2017-3735, are fully patched. Users of OpenSSL 1.1.0 should upgrade to 1.1.0g.