
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 26, 2018

Top Malware Reported in the Last 24 Hours

Linux cryptominer

A new Linux cryptominer dubbed Linux.BtcMine.174 was recently discovered. The multicomponent malware can install another malware called BillGates, which in turn can launch DDoS attacks. The malware mines Monero and can also steal root passwords and disable antivirus software. It also searches for and deletes any rival cryptominers on the targeted system. The Trojan's main distribution channel is an SSH self-spreading mechanism. To gain root permissions and obtain complete control of the operating system, it leverages one of two privilege escalation exploits: CVE-2016-5195, also known as Dirty COW, or CVE-2013-2094.
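The SSH self-spreading described above leaves a recognisable trace in sshd logs: one internal source attempting root password logins against many hosts in a short window. The following Python script is an added example, not code from the briefing or from any vendor analysis of this malware; it parses sshd-style syslog lines (the sample lines are constructed) and flags sources whose root password attempts fan out across several hosts. The threshold `min_targets` and the host/IP values are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines as they would appear after collecting
# /var/log/auth.log from several hosts into one place.
SAMPLE_LOG = """\
Nov 26 03:14:01 web01 sshd[1201]: Failed password for root from 10.0.0.5 port 51122 ssh2
Nov 26 03:14:03 web01 sshd[1203]: Failed password for root from 10.0.0.5 port 51130 ssh2
Nov 26 03:14:05 db02 sshd[884]: Failed password for root from 10.0.0.5 port 51144 ssh2
Nov 26 03:14:09 db02 sshd[886]: Accepted password for root from 10.0.0.5 port 51160 ssh2
Nov 26 03:14:11 app03 sshd[2210]: Failed password for root from 10.0.0.5 port 51171 ssh2
Nov 26 03:14:20 app03 sshd[2212]: Accepted password for root from 10.0.0.5 port 51190 ssh2
Nov 26 03:15:00 web01 sshd[1250]: Accepted publickey for deploy from 10.0.0.9 port 40010 ssh2
Nov 26 03:16:00 db02 sshd[900]: Accepted publickey for deploy from 10.0.0.9 port 40020 ssh2
"""

# Matches the standard "Accepted/Failed <method> for <user> from <ip> port <n>" line.
LINE_RE = re.compile(
    r"^\S+ +\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_sshd(lines):
    """Turn raw sshd log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_ssh_spreaders(events, min_targets=3):
    """Return {src_ip: summary} for sources that tried root password logins
    against at least `min_targets` distinct hosts (the fan-out pattern of an
    SSH worm). Key-based logins are ignored since they are normal automation."""
    by_src = defaultdict(lambda: {"targets": set(), "failed": 0, "accepted": set()})
    for e in events:
        if e["method"] != "password" or e["user"] != "root":
            continue
        info = by_src[e["src"]]
        info["targets"].add(e["host"])
        if e["result"] == "Failed":
            info["failed"] += 1
        else:
            info["accepted"].add(e["host"])
    return {src: i for src, i in by_src.items() if len(i["targets"]) >= min_targets}


if __name__ == "__main__":
    hits = find_ssh_spreaders(parse_sshd(SAMPLE_LOG.splitlines()))
    for src, info in hits.items():
        print(f"{src}: {len(info['targets'])} hosts targeted, "
              f"{info['failed']} failures, root access on {sorted(info['accepted'])}")
```

Hosts listed under `accepted` are the ones to triage first: a root password login from a peer that is also brute-forcing the rest of the fleet is the point at which the privilege escalation and miner installation described above would follow. Disabling password authentication for root in `sshd_config` removes the spreading channel entirely.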

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Outlook patches

Microsoft has released new patches for Outlook 2010. The updates address multiple critical vulnerabilities, and more specifically the 64-bit version of security update KB 4461529 from Microsoft's November Patch Tuesday, which was causing Outlook 2010 to crash. The security update addresses CVE-2018-8522, CVE-2018-8524, CVE-2018-8576, and CVE-2018-8582. All of the bugs addressed are remote code execution vulnerabilities that require user interaction to exploit; they result from Outlook's failure to properly handle objects in memory.

Joomla

Multiple vulnerabilities have been found in Joomla. The bugs could allow attackers to carry out cross-site scripting (XSS) and SQL injection attacks. Both the SQL injection vulnerability and the XSS vulnerability exist because user-supplied data is insufficiently sanitized. Successful exploitation could allow attackers to read, delete, or modify data in the database and gain complete control over the affected application. An attacker could also steal sensitive information and conduct drive-by-download attacks on targeted systems.
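Both Joomla flaws come down to the same root cause, untrusted input reaching an interpreter (SQL or HTML) without being separated from the code. The following Python example is added here to make that concrete; it is not Joomla code and does not reproduce the Joomla bugs. It shows a lookup that concatenates user input into SQL next to the parameterized form, and a template that emits user input raw next to one that escapes it. The in-memory SQLite table and its rows are constructed for the example.

```python
import html
import sqlite3


def make_db():
    """Build a small in-memory table of constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "editor"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    # VULNERABLE: the value becomes part of the SQL text, so a quote in the
    # input changes the statement itself rather than the value being matched.
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    # Parameterized: the statement is fixed and the driver binds the value
    # separately, so the input can only ever be compared as a string.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name):
    # VULNERABLE: user input is placed directly into HTML, so markup in the
    # input is rendered and scripted by the browser.
    return "<p>Hello, %s</p>" % name


def render_greeting_safe(name):
    # Escaping converts <, >, &, and quotes to entities, so the input is
    # displayed as text instead of being parsed as markup.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"   # classic textbook input that turns the WHERE into a tautology
    print("vulnerable query returned:", find_user_vulnerable(conn, probe))
    print("parameterized query returned:", find_user_safe(conn, probe))
    print(render_greeting_vulnerable("<b>guest</b>"))
    print(render_greeting_safe("<b>guest</b>"))
```

The contrast is the whole lesson: the same input returns every row from the concatenated query and nothing from the parameterized one, and the escaped greeting shows the tags as literal text. Joomla extensions that build queries through the framework's query builder with bound values, and output through its escaping helpers, avoid both classes of bug by construction.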

Top Breaches Reported in the Last 24 Hours

FIESP data breach

Brazil has been hit by one of the largest data breaches in the nation's history. The Federation of Industries of the State of São Paulo (FIESP) exposed millions of personal data records from three of its databases online. The databases were publicly accessible for several days before they were eventually taken offline. The organization exposed over 34 million personal records, including name, personal ID number (RG number), taxpayer registry identification (CPF), gender, date of birth, full address, email, and phone number. Although FIESP took down the databases, the organization refused to acknowledge the severity of the breach.

Top Scams Reported in the Last 24 Hours

GDPR scam

Several French firms received deceptive letters, some resembling notices from a fictitious public authority and others reproducing the logo of the French data protection authority, the CNIL. Data Protection Officers with publicly available email addresses received matching phishing emails. Officials have been warned to be wary of any emails that purport to come from "official" sources. Data Protection Officers are also urged to read the terms and conditions carefully, verify the nature of the services offered, and verify the legitimacy of any websites the email refers to.
