
Silobreaker Daily Cyber Digest – 11 January 2019

 

Malware

Cisco Talos release free decryption tool for PyLocky ransomware

  • The newly released tool requires the capture of the initial PyLocky ransomware C&C traffic of an infected machine to be able to decrypt files and for that reason it will only work in cases where this traffic has been monitored. This is due to the initial traffic containing information that is used in the encryption process.

Source

 

Alcatel Android smartphones had pre-installed adware apps

  • Upstream reported finding pre-installed applications on Alcatel phones belonging to the Chinese tech manufacturer TCL Corporation. The apps collect and transmit data including locations, email addresses and IMEIs to a Chinese server, and include several privacy invasive permissions.

Source

 

Ongoing Campaigns

Criminals relying on smart card technology Fuze Cards for fraud

  • Brian Krebs reported that fraudsters are relying on Fuze Cards, data storage devices that can hold account data on multiple credit cards, in order to avoid suspicion when using multiple cards at a register. If a stolen card’s transaction is declined, the criminals can press a button to change which credit card is being used to carry out the transaction.

Source

 

Ryuk ransomware being deployed interactively following TrickBot malware infections

  • FireEye observed attackers successfully demanding large ransom payments from targeted organizations. The operation, dubbed TEMP.MixMaster, is using EMPIRE and RDP connections in order to have lateral movement capabilities in victim environments. FireEye reported that it did not have evidence that Ryuk ransomware is attributable to North Korea, and surmised that the TrickBot administrator group is providing the malware to various criminal actors.

Source

 

Leaks and Breaches

202 million resumes of Chinese job seekers exposed online

  • In late December 2018, researcher Bob Diachenko discovered an unprotected MongoDB database that exposed the details of 202 million Chinese job seekers.
  • Diachenko reported that following the incident, a tool called ‘data-import’ was discovered on GitHub and is believed to have been developed to scrape resumes from different Chinese classifieds. The tool was found to contain ‘source code with identical structural patterns as those used in the exposed resumes’.

Source

 

Vulnerabilities

Patches for Windows 7 SP1 and Windows Server 2008 R2 SP1 causing network and license issues

  • Microsoft released the KB4480960 and KB4480970 security updates on January 8th, 2019. Users are now reporting that the fixes caused their licenses to be deactivated or left them unable to connect to network shares.

Source

 

McAfee analyse recently patched critical RCE flaw in Internet Explorer’s scripting engine

  • The vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in Microsoft’s Internet Explorer versions 9 to 11 and has been exploited in the wild. A patch was issued on December 19th, 2018.
  • In their blog post, McAfee detailed the context of the vulnerability, its technical details and provided a proof-of-concept. They concluded their analysis with a warning that exploit kits, deploying a weaponized version of the flaw, can be expected to emerge soon and advise users to ensure their systems are able to withstand the threat.

Source

 

Juniper Networks release patches for 19 serious vulnerabilities

  • This includes a fix for a critical vulnerability, tracked as CVE-2019-0006 in Junos OS 14.1X53, 15.1, and 15.1X53 running on EX, QFX and MX units.
  • Numerous flaws affecting a wide range of Junos OS versions have also been patched, including those tracked as CVE-2019-0001, CVE-2019-0003 and CVE-2019-0012. The full list of vulnerabilities, including a link to the software updates, can be found on Juniper Networks’ website.

Source

 

General News

US Government shutdown leads to expired TLS certificates on .gov websites

  • Researcher Paul Mutton found that tens of government sites can no longer be accessed or are marked as insecure due to their TLS certificates not being renewed as a result of the ongoing US government shutdown.
  • According to Mutton, users who visit these sites may be exposed to man-in-the-middle attacks that steal their personal data, as well as to fraud and identity theft. Sites belonging to the US Department of Justice, NASA and the Court of Appeals are among those affected.

Source
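The failures described above are the predictable result of certificates lapsing with nobody watching the expiry date. The script below is an added example (not part of the Silobreaker digest or the research it summarises) showing how a defender can monitor expiry: it computes the days left on a certificate dict shaped like the one Python's `ssl` module returns, classifies it against a warning threshold, and performs a live check that fails the same way a browser would when the certificate has already expired. The `WARN_DAYS` threshold, the sample certificate dates and the reference "now" are constructed values.

```python
"""Monitor TLS certificate expiry so a site is renewed before it starts failing."""
import socket
import ssl
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

WARN_DAYS = 14  # assumed threshold; set it to your renewal lead time

# Constructed sample data: a certificate dict in the shape of
# ssl.SSLSocket.getpeercert() and a fixed reference time (the digest date).
SAMPLE_EXPIRED_CERT = {"subject": ((("commonName", "example.gov"),),),
                       "notAfter": "Jan  5 12:00:00 2019 GMT"}
SAMPLE_VALID_CERT = {"subject": ((("commonName", "example.gov"),),),
                     "notAfter": "Mar 31 12:00:00 2019 GMT"}
SAMPLE_NOW = datetime(2019, 1, 11, tzinfo=timezone.utc)


def days_until_expiry(cert: dict, now: Optional[datetime] = None) -> float:
    """Days remaining on a certificate; negative once it has expired."""
    now = now or datetime.now(timezone.utc)
    # cert_time_to_seconds parses the OpenSSL 'notAfter' string as UTC.
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]),
                                    tz=timezone.utc)
    return (expiry - now) / timedelta(days=1)


def classify(days_left: float, warn_days: int = WARN_DAYS) -> str:
    """Turn a day count into an alert level for a monitoring dashboard."""
    if days_left < 0:
        return "EXPIRED"
    if days_left <= warn_days:
        return "EXPIRING"
    return "OK"


def check_host(host: str, port: int = 443, timeout: float = 5.0,
               now: Optional[datetime] = None) -> Tuple[str, str, object]:
    """Live check with full verification on, so an expired certificate is
    reported as a verification failure exactly as a browser would see it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                days = days_until_expiry(tls.getpeercert(), now)
                return host, classify(days), round(days, 1)
    except ssl.SSLCertVerificationError as exc:
        # exc.verify_message reads e.g. 'certificate has expired'
        return host, "VERIFY_FAILED", exc.verify_message
    except (OSError, ssl.SSLError) as exc:
        return host, "UNREACHABLE", str(exc)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    for label, cert in (("expired", SAMPLE_EXPIRED_CERT), ("valid", SAMPLE_VALID_CERT)):
        days = days_until_expiry(cert, SAMPLE_NOW)
        print(f"{label}: {days:+.1f} days -> {classify(days)}")
    # Live check against hosts you operate, e.g. check_host("example.gov").
```

Run `check_host` on a schedule across the hostnames you are responsible for and page on anything that is not `OK`; the `EXPIRING` state is the one that matters, because an alert raised only at `EXPIRED` arrives after users are already seeing browser warnings.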

 

Hacktivist sentenced over DDOS attacks on healthcare organizations

  • Martin Gottesfeld was sentenced to 10 years for launching the attacks on the Boston Children’s Hospital and the Wayside Youth and Family Support Network in 2014. He carried out the attacks in protest at a judge’s decision to award custody of a Massachusetts teen, Justina Pelletier, to the state.
  • The attacks led to over £600,000 in damages and lost donations.

Source

 

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein. 
