Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 3, 2017

Top Malware Reported in the Last 24 Hours

Zeus Panda Trojan
This banking trojan has been around for about a decade, although in different forms. It has been found using email as its delivery vector and performing 'web injects' to induce users of infected PCs to give up their credentials, typically through fake forms that phish for them. Users should be careful and always confirm the legitimacy of a link before clicking it.

QtBot used to distribute malware
Security researchers have observed that Necurs malspam campaigns are distributing Microsoft Office documents that abuse Microsoft Dynamic Data Exchange (DDE). These documents then download an intermediate downloader -- QtBot -- which is used as a replacement for malicious VBScripts. The intermediate malware is known to download TrickBot and Locky ransomware.

Top Vulnerabilities Reported in the Last 24 Hours

Savitech USB Audio driver
The driver installation package installs a root CA certificate into the Windows trusted root certificate store. To complete the process, Savitech shipped the root certificate package to users along with the software bundle. The issue is that this process was used on Windows XP and is no longer needed for later operating system versions. The certificate could be misused by attackers to impersonate websites and other services. Users are encouraged to manually remove the certificate.

OpenSSL patches flaws
The two vulnerabilities, of low and medium severity, were discovered using Google's open source OSS-Fuzz fuzzing service. Both reported vulnerabilities -- CVE-2017-3736 (medium severity) and CVE-2017-3735 -- are fully patched. Users of OpenSSL 1.1.0 should upgrade to 1.1.0g.
