Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 21, 2018
Top Malware Reported in the Last 24 Hours
Trickbot
A new variant of the Trickbot banking malware was discovered recently. The new variant targets the Windows system reliability and performance information and tries to steal the Windows Problem history. The TrickBot variant was found gaining access to the OS reliability database and information available in the RAC folder. Security experts are unsure as to how cybercriminals can exploit this type of data. However, the data may be useful for hackers in increasing the number of targets for phishing.
Emotet
Security researchers discovered that the Emotet banking malware takes advantage of easy-to-guess passwords to spread across networks. The malware has a number of passwords hardcoded into its module. Whenever it encounters a challenge for a password, it attempts to guess the correct one by iterating through the list. Once a guessed password becomes “correct” for a computer, it becomes easier for the malware to spread across the network.
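From the defender's side, the behaviour described above leaves a recognisable trace: one source host accumulating failed logons against several machines in a short window, sometimes followed by a success for the same account once a guess lands. The following is an added example, not code from the briefing or from any vendor, that runs that check over a few constructed Windows Security events (4625 = failed logon, 4624 = successful logon). The flattened log format, the host names, the IP addresses and the thresholds are all assumptions for the sake of the example.

```python
import re
from collections import defaultdict

# Constructed sample, not real telemetry. Each line is a flattened Windows
# Security event: 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOG = """\
2018-11-21T09:00:01 event=4625 target=WS01 src=10.0.0.5 user=jsmith
2018-11-21T09:00:02 event=4625 target=WS01 src=10.0.0.5 user=jsmith
2018-11-21T09:00:03 event=4625 target=WS01 src=10.0.0.5 user=jsmith
2018-11-21T09:00:04 event=4625 target=WS02 src=10.0.0.5 user=admin
2018-11-21T09:00:05 event=4625 target=WS02 src=10.0.0.5 user=admin
2018-11-21T09:00:06 event=4624 target=WS02 src=10.0.0.5 user=admin
2018-11-21T09:00:07 event=4625 target=WS03 src=10.0.0.5 user=admin
2018-11-21T09:00:08 event=4625 target=WS03 src=10.0.0.5 user=admin
2018-11-21T09:00:09 event=4625 target=WS03 src=10.0.0.5 user=admin
2018-11-21T09:05:00 event=4625 target=FS01 src=10.0.0.9 user=bob
2018-11-21T09:05:30 event=4624 target=FS01 src=10.0.0.9 user=bob
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\d+) target=(?P<target>\S+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def detect_password_guessing(events, min_failures=5, min_targets=2):
    """Flag source hosts whose failed logons are spread across several targets.

    Iterating a fixed password list produces many 4625 events from one source
    against many machines, occasionally followed by a 4624 for the same
    (target, user) once a guess is correct. The thresholds are assumptions and
    should be tuned to the environment's normal failure rate.
    """
    failures = defaultdict(int)       # src -> number of failed logons
    targets = defaultdict(set)        # src -> hosts it failed against
    failed_pairs = set()              # (src, target, user) seen failing
    guessed = defaultdict(set)        # src -> (target, user) that later succeeded
    for ev in events:
        key = (ev["src"], ev["target"], ev["user"])
        if ev["event"] == "4625":
            failures[ev["src"]] += 1
            targets[ev["src"]].add(ev["target"])
            failed_pairs.add(key)
        elif ev["event"] == "4624" and key in failed_pairs:
            # a success that follows earlier failures from the same source
            guessed[ev["src"]].add((ev["target"], ev["user"]))
    alerts = {}
    for src, count in failures.items():
        if count >= min_failures and len(targets[src]) >= min_targets:
            alerts[src] = {
                "failures": count,
                "targets": sorted(targets[src]),
                "guessed": sorted(guessed[src]),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_password_guessing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['failures']} failed logons across {info['targets']}, "
              f"accounts that later succeeded: {info['guessed']}")
```

On the sample, 10.0.0.5 is reported with eight failures across three hosts and one account (admin on WS02) that succeeded after failing, while 10.0.0.9's single mistyped password stays below the thresholds. A success that follows a run of failures from the same source is the part worth escalating, since it marks a host the malware may already have reached.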
Top Breaches Reported in the Last 24 Hours
Make A Wish Foundation
A website run by the charity Make A Wish Foundation was targeted by a cryptominer. Cybercriminals exploited the Drupalgeddon 2 flaw to infect the website with the CoinIMP mining script, which mines cryptocurrencies. The bug allows attackers to perform remote code execution on Drupal installations. Fortunately, the charity has removed the malicious miner from its website.
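An injected mining script of the kind described above shows up in the served HTML as a script the site owner never added: either an external source on a host the site does not use, or an inline block absent from the known-good page. The following is an added example, not code from the briefing or from any Drupal project, that audits a page against an allowlist of script hosts and a baseline of inline-script hashes. The HTML, the allowlist, the placeholder host "miner.example" and the injected snippet are constructed for the example; the real CoinIMP script is not reproduced here.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed pages, not the charity's real site. CLEAN_HTML stands in for the
# known-good baseline; INFECTED_HTML adds an external script from a placeholder
# host and an inline script the baseline never contained.
CLEAN_HTML = """<html><head>
<script src="/sites/default/files/js/app.js"></script>
<script src="https://cdn.example.org/analytics.js"></script>
<script>window.siteConfig = {"theme": "default"};</script>
</head><body><h1>Welcome</h1></body></html>"""

INFECTED_HTML = CLEAN_HTML.replace(
    "</head>",
    '<script src="https://miner.example/lib/miner.js"></script>\n'
    '<script>startMining("placeholder-site-key");</script>\n</head>',
)

# Assumption: the hosts this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"cdn.example.org"}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())


def inline_hash(script_text):
    """Stable fingerprint of an inline script body."""
    return hashlib.sha256(script_text.encode("utf-8")).hexdigest()


def baseline_inline_hashes(html):
    """Fingerprints of every inline script in a known-good copy of the page."""
    collector = ScriptCollector()
    collector.feed(html)
    return {inline_hash(s) for s in collector.inline}


def audit_page(html, allowed_hosts, known_inline_hashes):
    """Report scripts that are neither same-origin, allowlisted, nor baselined."""
    collector = ScriptCollector()
    collector.feed(html)
    unexpected_srcs = []
    for src in collector.srcs:
        host = urlparse(src).netloc.lower()
        # an empty host means a relative, same-origin path; leave those alone
        if host and host not in allowed_hosts:
            unexpected_srcs.append(src)
    unknown_inline = [s for s in collector.inline
                      if inline_hash(s) not in known_inline_hashes]
    return {"unexpected_srcs": unexpected_srcs, "unknown_inline": unknown_inline}


if __name__ == "__main__":
    known = baseline_inline_hashes(CLEAN_HTML)
    print(audit_page(INFECTED_HTML, ALLOWED_SCRIPT_HOSTS, known))
```

Running this from a monitoring host on a schedule, with the baseline refreshed on each legitimate deploy, catches an injected miner on the first fetch after the compromise rather than when visitors notice their CPU usage. Scheme-relative `//host/path` sources are handled, since `urlparse` still extracts the host from them.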
OSIsoft
OSIsoft was hit by a data breach that impacted the firm's employees, consultants, interns, and contractors. The breach led to hackers compromising email addresses and passwords, and even OSI domain login account names. The breach is also believed to have exposed the credentials pertaining to personal accounts. It is still unclear as to how many people have been affected by the breach. However, users who configured their external accounts to use an OSIsoft email address for password recovery or reused a previous OSIsoft password are believed to be at a higher risk of credential theft.
Top Scams Reported in the Last 24 Hours
Facebook Sharer Dialogue
A new tech support scam was discovered that involves cybercriminals leveraging Facebook's Sharer Dialogue. The Sharer dialog page on Facebook is usually used by website owners to share content. The scammers are using low-quality ad networks to redirect victims to a page that tricks them into believing there's an issue with their account. The scammers persuade victims into calling a phone number listed on the page that is operated by the attackers.
Google Maps
Cybercriminals abusing a loophole in Google Maps have tricked victims into divulging their personal data. So far, the scammers have only targeted victims in India. The scam involves fraudsters altering information on Google Maps, allowing them to redirect visitors to contacting them instead of legitimate businesses. Scammers can then pose as bank employees, customer service officials and more, tricking victims into divulging personal information.
Tax scam
The IRS is warning about a new tax scam that involves cybercriminals sending malware-laden emails purporting to be coming from the IRS. The email drops the Emotet banking malware, which is designed to steal victims' banking and email credentials.
Top Vulnerabilities Reported in the Last 24 Hours
RCE Flaws
Multiple remote code execution (RCE) flaws were discovered in the TP-Link TL-R600VPN router. The lack of proper input sanitization and parsing errors are believed to have caused the flaws. The remote code execution is carried out in the context of HTTPD, and since the HTTPD process runs as root, an attacker can run code with elevated privileges. The bugs discovered include a server information disclosure flaw (CVE-2018-3949), a DoS flaw (CVE-2018-3948), and a server fs directory RCE flaw (CVE-2018-3951). The bugs have been patched and users are advised to update to the latest software version.
Linux kernel security updates
Canonical has released new Linux kernel security updates addressing various bugs discovered. The updates fix CVE-2018-15471 in the Linux kernel's Xen netback driver; CVE-2017-13168, an integer overflow bug discovered in the kernel's generic SCSI driver; and CVE-2018-9363, an integer overflow issue in the HID Bluetooth implementation that could allow an attacker to either crash the system or execute arbitrary code. Users are advised to update the kernel packages to the newest versions.