
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 30, 2017

Top Malware Reported in the Last 24 Hours

Cobalt EK
Cobalt hackers have adapted to find Microsoft bugs and weaponize them for their campaigns. For instance, they exploited CVE-2017-8759, a .NET Framework vulnerability patched by Microsoft in September 2017. Their November 2017 campaign was found to be exploiting a Microsoft Office remote code execution vulnerability tracked as CVE-2017-11882.

Ursnif variants
In a recent discovery, new variants of the Ursnif malware were found using redirection attacks and malicious TLS callback techniques. The malware spreads through spam emails posing as an MYOB supply order; the email asks users to click a button to review the attached documents.

UBoatRAT malware
A new custom Remote Access Trojan (RAT) called UBoatRAT was identified in September 2017. The initial version of the RAT, found in May 2017, was a simple HTTP backdoor. The latest attack targets organizations related to South Korea or the video game industry.

Top Vulnerabilities Reported in the Last 24 Hours

Patch released
Microsoft has brought relief to its users by releasing an updated version of its Equation Editor patch. The older version worked only with the English and Chinese versions of Office. The new ones, KB 4011604 (Office 2007) and KB 4011618 (Office 2010), work for all languages.

Cisco WebEx vulnerability
A remote code execution vulnerability has been reported in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. The Cisco WebEx players are applications used to play back WebEx meeting recordings made by an online meeting attendee.

PowerDNS XSS vulnerability
Recently, an issue was found in the web interface of PowerDNS Recursor. The qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface and alter its content.
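To illustrate the PowerDNS issue described above, here is an added example (not code from PowerDNS or from this briefing) showing the vulnerable rendering pattern beside the hardened one in Python, using a constructed set of query names; the row template and the hostname-character check are hypothetical choices for the illustration, not PowerDNS's own.

```python
import html
import re

# Constructed sample qnames as a recursor's status page might list them.
# DNS labels may contain arbitrary bytes, so markup inside a label is
# legal on the wire; only the web renderer decides whether it is harmful.
SAMPLE_QNAMES = [
    "www.example.com.",
    "<script>alert(1)</script>.example.com.",
    'x" onmouseover="alert(1).example.net.',
]

# Characters a typical hostname label uses (hypothetical allow-list used
# here only to flag unusual labels for logging, not to block queries).
HOSTNAME_LABEL = re.compile(r"^[A-Za-z0-9_-]*$")


def render_row_unescaped(qname: str) -> str:
    """Vulnerable pattern: attacker-controlled qname concatenated into HTML."""
    return f"<tr><td>{qname}</td></tr>"


def render_row_escaped(qname: str) -> str:
    """Hardened pattern: every qname is HTML-escaped before reaching the page."""
    return f"<tr><td>{html.escape(qname, quote=True)}</td></tr>"


def suspicious_labels(qname: str) -> list[str]:
    """Return the labels of a qname that fall outside the hostname allow-list."""
    labels = qname.rstrip(".").split(".")
    return [label for label in labels if not HOSTNAME_LABEL.match(label)]


def render_table(qnames, escape: bool = True) -> str:
    """Render the query list as a table, escaped unless explicitly disabled."""
    rows = [render_row_escaped(q) if escape else render_row_unescaped(q)
            for q in qnames]
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    for q in SAMPLE_QNAMES:
        flagged = suspicious_labels(q)
        print(render_row_escaped(q), "flagged:", flagged)
```

Escaping is the fix; the allow-list check is a separate detection aid for spotting query names that look like injection attempts in logs.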

Top Scams Reported in the Last 24 Hours

Windows tech-support scam
A few clever scammers are using fake blue screen of death (BSOD) messages and a bogus 'Troubleshooter for Windows' application to dupe victims into paying $25 for security software they don't need. The scammers are attempting to sell a supposed Microsoft security product called 'Windows Defender Essentials'.

Pump and dump scam
The cryptocurrency exchange Bittrex is cautioning users about a possible pump and dump scam. The company notified its customers that artificially manipulating prices on Bittrex will result in their accounts being banned. Users are advised to conduct their own research and not to trust articles from unauthorized sources when investing.

Fraudsters impersonate UK police
In a new scam, fraudsters in the UK are posing as the police to trick consumers out of their savings under the guise of an undercover investigation. The victim is assured the money will eventually be put back into their account, but the fraudster disappears with the cash.
