Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 29, 2017
Top Malware Reported in the Last 24 Hours
UBoatRAT variant
Recently, several attacks were carried out using new variants of UBoatRAT. Specifically, the new variant targeted organizations related to South Korea and the video games industry. The malware is distributed through Google Drive and obtains its C2 address from GitHub.
Ursnif v3 emerges
A new variant of Ursnif has emerged with changes in the code injection mechanism. Ursnif v3 is developed as a redirection attack that targets business and corporate banking customers in Australia. Ursnif v3 is the first iteration of this malware that uses redirection attacks.
OSX.CpuMeaner
A new class of cryptominer trojan has come to light: OSX.CpuMeaner. This trojan is built on an idea similar to OSX.Pwnet's, but its means and method of propagation are closer to those of adware. It is mainly bundled with pirated software and mines Monero cryptocurrency using the victim's hardware.
Top Vulnerabilities Reported in the Last 24 Hours
macOS flaw
A fresh security flaw discovered by security researchers allows root access to a Mac without a root password. The vulnerability was found on macOS 10.13.1. Simply entering the username and clicking OK several times lets the attacker in. As a quick fix, users are advised to set or change their root password immediately.
Stack clash vulnerability
A vulnerability tracked as CVE-2010-2240, known as Stack Clash, is a privilege escalation vulnerability. It affects Unix-based operating systems. Seven exploits have been reported for the flaw, which lies in the memory management of several operating systems.
Ghostwriter attacks
A misconfiguration in Amazon S3 buckets allows public writes, which in turn enables third parties to launch man-in-the-middle (MITM) attacks. This attack is popularly known as the Ghostwriter attack. Generally, the affected S3 buckets are accessed from within an enterprise network.
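A defensive check for the condition described above, written as an added example (not part of the briefing): it flags any bucket ACL grant that gives the AllUsers or AuthenticatedUsers group write permission. The ACLs are constructed inline in the shape boto3's get_bucket_acl() returns, so it runs offline; the bucket names and owner ID are placeholders.

```python
# Added example (not from the briefing). ACL dicts are constructed in the shape
# boto3's get_bucket_acl() returns, so this runs offline against sample data.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"  # not public
# Predefined groups that amount to "anyone on the Internet" / "any AWS account".
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTH_USERS: "AuthenticatedUsers"}
# Permissions that let the grantee replace objects or rewrite the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

def public_write_grants(acl):
    """Return [(group, permission)] for each grant giving a public group write access."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser / e-mail grantees name one account, not the public
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append((group, grant["Permission"]))
    return findings

def audit_buckets(acls):
    """Map bucket name -> public write grants, listing only buckets that have any."""
    report = {}
    for name, acl in acls.items():
        hits = public_write_grants(acl)
        if hits:
            report[name] = hits
    return report

# Constructed sample ACLs, not real buckets. World-READ on a static site is
# common; world-WRITE is the condition the Ghostwriter attack relies on.
OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
SAMPLE_ACLS = {
    "example-static-site": {"Owner": {"ID": OWNER["ID"]}, "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    ]},
    "example-internal-data": {"Owner": {"ID": OWNER["ID"]}, "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"},
    ]},
}

if __name__ == "__main__":
    for bucket, hits in audit_buckets(SAMPLE_ACLS).items():
        print(bucket, "->", ", ".join(f"{g}:{p}" for g, p in hits))
```

In a live account, feed the function the response of get_bucket_acl() for each bucket returned by list_buckets(); bucket policies and Block Public Access settings are a separate check not covered here.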
Top Breaches Reported in the Last 24 Hours
UK shipping firm attacked
The British shipping services provider Clarkson PLC recently reported that it has been the victim of a cybersecurity hack. The company also raised concerns that the hacker(s) behind the attack might release some of the stolen data shortly.
NSA breach
In a startling discovery, the contents of a highly sensitive hard drive belonging to a division of the NSA were found exposed online. The virtual disk image contains over 100 GB of data from an Army intelligence project, codenamed 'Red Disk'. The disk belonged to the US Army's INSCOM division.
DHS employee information risked
The home computer of a DHS employee was found to be storing personal information of around 246,000 Department of Homeland Security employees. The information included names, Social Security numbers, and dates of birth. Affected individuals have been notified, and DHS has offered to provide a credit monitoring service.