Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 28, 2018
Top Malware Reported in the Last 24 Hours
Bladabindi
A new variant of the Bladabindi RAT, also known as njRAT/Njw0rm, has been spotted being distributed via removable drives. The RAT comes packed with backdoor capabilities and can also carry out keylogging and DDoS attacks. The new variant installs a hidden copy of itself on removable drives and installs a fileless backdoor. Its propagation techniques make detection challenging.
DNSpionage
A new malware campaign has been discovered, targeting private and government entities across the Middle East. The campaign delivers a previously unknown malware dubbed DNSpionage that supports HTTP and DNS communications with the threat actors. The campaign has so far targeted Lebanese and UAE government entities, as well as a private Lebanese airline. The cybercriminals have launched five cyberattacks in 2018, one of which was detected earlier in November.
RealTimeSpy
Users of the Exodus cryptocurrency wallet have been targeted by cybercriminals, who have been delivering a spyware app dubbed RealTimeSpy onto victims' devices. The malware uses AppleScript to add itself to the user's login pages. So far, three variants of the spyware have been deployed in 6 fake apps since 2016.
Top Vulnerabilities Reported in the Last 24 Hours
SUSE host
A security update addressing a vulnerability has been issued for SUSE host. The security flaw is related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. The flaw exists because the bailout for an invalid authenticating user is not delayed until after the packet containing the request has been fully parsed. Users are advised to use the SUSE CaaS Platform Velum dashboard, which allows the complete set of updates to be installed across the cluster onto a vulnerable system.
XML Digital Security
A security flaw has been discovered in xml-security-c, a library for the XML Digital Security specification. Although a CVE identifier has yet to be assigned for this bug, a patch has already been issued, since it has been deemed a high-severity bug.
Siemens GNU/Linux subsystem
Multiple vulnerabilities were discovered in Siemens' GNU/Linux subsystem. The vulnerabilities include CVE-2018-17972, which allows a local attacker to cause a DoS condition, and CVE-2018-17182, which could allow attackers to cause a DoS condition and execute arbitrary code. Patches have not yet been deployed to fix the vulnerabilities. Meanwhile, users are advised to run applications only from trusted sources.
Top Breaches Reported in the Last 24 Hours
Healthcare breach
The East Ohio Regional Hospital (EORH) and Ohio Valley Medical Center (OVMC) suffered a breach that forced the healthcare organizations to take systems offline and even prevented them from accepting ER patients. Both hospitals were hit by a ransomware attack that prompted both institutions to voluntarily initiate a period of EHR downtime. The ransomware attack affected the organizations' networks, which disrupted services.
Urban Massage
London-based massage startup Urban Massage inadvertently leaked its entire customer database. The firm's database was hosted on Elasticsearch and was left exposed online without any password protection. The exposed database also contained over 351,000 booking records and over 2,000 records on Urban Massage's employees, including their names, email addresses and phone numbers. Fortunately, the leaked database did not contain any financial information. The firm took down the exposed database when it discovered the breach.
Top Scams Reported in the Last 24 Hours
BEC scams
A new BEC scam campaign that capitalizes on the recent California wildfire tragedy, using it as a lure, has been discovered by security researchers. This particular campaign has been targeting employees of corporations. The cybercriminals behind the campaign were spotted sending out emails purporting to come from CEOs of the targeted organizations. The campaign tricks victims into purchasing gift cards that contain a code. The victims are then prompted to contact the attackers to verify the validity of the gift card. Presumably, once the victim contacts the attackers, he or she is once again tricked into divulging additional personal information.