Cybersecurity Week Round-Up (2018, Week 3) - Let's try to summarize the most important events that occurred last week in 3 minutes.
The week started with the discovery of a new variant of the dreaded Mirai botnet, dubbed Okiru. For the first time, a malware targets ARC-based IoT devices; billions of IoT devices are potentially at risk.
Kaspersky published a report on a powerful Android malware, dubbed SkyGoFree, developed for surveillance purposes by an Italian firm. The same malware was analyzed months before by researchers at CSE Cybsec in November 2017.
Also interesting was the discovery of a new variant of the KillDisk wiper that targeted Windows machines in financial institutions in Latin America.
Spectre and Meltdown continue to make headlines; many users report problems with the installed security patches.
While Oracle announces patches for the vulnerabilities affecting Intel CPUs:
- SolarWinds reported severe performance degradation for its Amazon Web Services infrastructure.
- Intel confirmed that Meltdown and Spectre patches have a variable impact and can cause unwanted reboots.
- Red Hat reverts Spectre (CVE-2017-5715) security updates due to boot issues reported by customers.
Crooks continue to focus their interest on cryptocurrencies. The BlackWallet.co web-based wallet application for the Stellar Lumen cryptocurrency suffered a DNS hijacking attack that resulted in the theft of $400,000.
Security researchers at Check Point have spotted a malware family dubbed RubyMiner that is targeting web servers worldwide in an attempt to exploit their resources to mine Monero cryptocurrency.
This week also brought to light the activity of a Lebanese APT, dubbed Dark Caracal, that has been operating since at least 2012 using a powerful Android spyware. Its arsenal also includes a Windows malware and the surveillance software FinFisher.
Experts from the Talos group published an interesting article on the North Korean Group 123, involved in at least 6 different hacking campaigns in 2017.
(Security Affairs – cybersecurity)