Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 22, 2018
Top Malware Reported in the Last 24 Hours
Azorult 3.3
A new version of the data-stealing malware Azorult has been released with several new and upgraded features. Azorult 3.3 can now steal wallet data for more cryptocurrencies, including BitcoinGold, electrumG, btcprivate, bitcore and Exodus Eden. Alongside its wide-ranging data-stealing capabilities, the new version uses a new encryption method to obfuscate its command-and-control domain name and a new key for connecting to the command-and-control server. The malware is being distributed via the Rig exploit kit as well as other sources.
DarkPulsar
The leaked NSA hacking tools DarkPulsar, DanderSpritz, and FuzzBunch are now being used by cybercriminals to target aerospace, nuclear energy, R&D, and other industries across Russia, Iran, and Egypt. DarkPulsar has infected at least 50 organizations, but security experts believe the true number may be much higher. Each framework supports a set of plugins designed for different tasks: FuzzBunch plugins are used for reconnaissance and exploitation, while DanderSpritz plugins are used to manage infected hosts. The DarkPulsar backdoor acts as a bridge between the two leaked frameworks.
Top Vulnerabilities Reported in the Last 24 Hours
jQuery File Upload plugin zero-day
A zero-day vulnerability was recently discovered in the popular jQuery File Upload plugin. The bug has already been abused by attackers to upload web shells and take over vulnerable web servers. Because the plugin is bundled into many web applications and content management systems, the flaw exposes every platform installed on a vulnerable server that ships the plugin's server-side upload handler. All versions of jQuery File Upload before 9.22.1 are vulnerable.
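As an added example (not code from Cyware or from the jQuery File Upload project), the following Python script does two things a practitioner would want after reading the item above: it checks whether a deployed plugin version falls below the fixed 9.22.1, and it scans web server access logs for the web-shell pattern described, a POST to the plugin's upload handler followed by a request for an executable file in the upload directory. The handler path `server/php/` and upload directory `server/php/files/` are the plugin's stock defaults and are assumed here; adjust them to wherever the plugin is vendored in your application. The log lines are constructed for the example.

```python
"""Check jQuery File Upload version and hunt for web-shell planting in access logs.

Added example; paths below are assumed plugin defaults, not taken from the briefing.
"""
import re
from collections import defaultdict

FIXED_VERSION = (9, 22, 1)

# Assumed default locations of the plugin's PHP upload handler and upload dir.
UPLOAD_HANDLER_RE = re.compile(r"/server/php/(index\.php)?(\?.*)?$")
UPLOADED_FILE_RE = re.compile(r"/server/php/files/([^/?\s]+)")
# Extensions the web server would typically hand to a PHP interpreter.
EXEC_EXTENSIONS = (".php", ".php3", ".php5", ".phtml", ".phar")

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_version(version):
    """Turn '9.21.0' into (9, 21, 0); non-numeric parts are treated as 0."""
    parts = []
    for piece in version.strip().lstrip("v").split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(version):
    """True when the plugin version predates the 9.22.1 fix."""
    return parse_version(version) < FIXED_VERSION


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_webshell_activity(lines):
    """Return (ip, filename, status, posted_before) for every request of an
    executable file from the upload directory.

    posted_before is True when the same client earlier POSTed to the upload
    handler, i.e. the upload-then-execute sequence a web shell plant leaves.
    A request with posted_before False is still worth a look: the upload may
    have come from another IP or been logged elsewhere."""
    posted = defaultdict(bool)  # ip -> has POSTed to the upload handler
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, method, path = rec["ip"], rec["method"], rec["path"]
        if method == "POST" and UPLOAD_HANDLER_RE.search(path):
            posted[ip] = True
            continue
        m = UPLOADED_FILE_RE.search(path)
        if m and m.group(1).lower().endswith(EXEC_EXTENSIONS):
            hits.append((ip, m.group(1), rec["status"], posted[ip]))
    return hits


# Constructed sample log: one upload-then-execute sequence, one benign image
# upload, and one stray request for a PHP file with no matching POST.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Oct/2018:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [22/Oct/2018:10:01:09 +0000] "POST /server/php/ HTTP/1.1" 200 173
203.0.113.7 - - [22/Oct/2018:10:01:15 +0000] "GET /server/php/files/shell.php?cmd=id HTTP/1.1" 200 41
198.51.100.4 - - [22/Oct/2018:10:02:30 +0000] "POST /server/php/ HTTP/1.1" 200 190
198.51.100.4 - - [22/Oct/2018:10:02:33 +0000] "GET /server/php/files/vacation.jpg HTTP/1.1" 200 88231
192.0.2.9 - - [22/Oct/2018:10:03:00 +0000] "GET /server/php/files/old.php HTTP/1.1" 404 209
""".splitlines()

if __name__ == "__main__":
    for ver in ("9.21.0", "9.22.1", "v9.28.0"):
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "fixed")
    for hit in find_webshell_activity(SAMPLE_LOG):
        print("web shell candidate:", hit)
```

The version check is only a first cut: a site that vendored the plugin and left the old `UploadHandler.php` in place with a permissive `accept_file_types` is exposed regardless of what the front-end package manifest says, so verify the server-side handler itself. The log hunt deliberately reports executable-file requests without a preceding POST as lower-confidence hits rather than dropping them.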
Multiple flaws
Security researchers have discovered several vulnerabilities in WD My Book, NetGear Stora, SeaGate Home and Medion LifeCloud NAS devices. The flaws allow attackers to gain root-level remote command execution on an exposed device knowing only its IP address. Around 2 million devices across the globe are affected, and an attacker could read files, add or remove users, add or modify existing data, or execute commands with the highest privileges on any of them. Unfortunately, the vulnerabilities have not been patched yet.
Top Breaches Reported in the Last 24 Hours
Facepunch
Facepunch, the game studio, suffered a data breach in 2016 that compromised the data of 343,000 users. The compromised data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch confirmed that it was aware of the incident and had informed its users at the time. However, several users claimed that they had not received any breach notifications from Facepunch.
Healthcare.gov breach
Healthcare.gov was hit by hackers who infiltrated the Federally Facilitated Exchange (FFE), the sign-up system for the website. The attackers stole the private information of around 75,000 people. FFE is managed by the Centers for Medicare & Medicaid Services (CMS) and is used by healthcare agents and brokers to enroll people in Affordable Care Act (Obamacare) plans. The website is still operating, although the Direct Enrollment pathway for brokers has been disabled temporarily.