Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Apr 23, 2020

Skimmer code and botnet continue to thrive with their malicious activities amid the COVID-19 crisis. In the past 24 hours, an online shopping site, powered by PinnacleCart software, has been found to be infected by a skimmer code that steals payment card information from customers. The malicious code scans for payment-related keywords on the checkout page before intercepting the data.

On the other hand, a new variant of Hoaxcalls botnet is actively exploiting an unpatched vulnerability in Zyxel Cloud CNM SecuManager to launch DDoS attacks. The new botnet variants include a total of 19 exploits.

Talking about vulnerabilities, Apple has patched two zero-day vulnerabilities affecting the Mail app in iOS. The flaws can be triggered by sending a specially-crafted email to a victim’s mailbox.

Top Breaches Reported in the Last 24 Hours

Paay exposes transaction records

A massive database belonging to Paay was left open to the public for three weeks before it was secured. The database contained about 2.5 million transaction records of merchants, online stores, and businesses. However, the data did not include cardholder names or card verification values.

UniCredit’s employees’ data on sale

Data of around 3000 employees working with UniCredit S.p.A went on sale on the dark web on April 19. The attacker who sold the data claimed to have compromised UniCredit’s systems and exfiltrated the data. The compromised information included names, email addresses, phone numbers, and encrypted passwords.

Top Malware Reported in the Last 24 Hours

Bazaloader malware

A new phishing campaign is underway that targets a company’s employees with fake customer complaints. The purpose of this campaign is to install a new backdoor, dubbed ‘Bazaloader’, to compromise a network. The malware utilizes the Blockchain-DNS resolver and its associated ‘bazar’ domain for the command and control (C2) servers.

Skimmer malware attack

An e-commerce website powered by PinnacleCart software was targeted with a skimmer malware designed to steal payment information from the checkout page. The malicious code checked for payment-related keywords like billing_address, cc_number, billingForm, paymentMethodsForm, and ccs_password. Upon finding, it intercepted and encoded the data in a file on the website’s server.

New variant of Hoaxcalls botnet

A new variant of Hoaxcalls botnet has been spotted spreading via an unpatched vulnerability in the Zyxel Cloud CNM SecuManager. The new botnet variant is capable of launching DDoS attacks. The first iteration was discovered on April 3 and since then, the researchers have detected two more variants of the botnet.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches zero-days

Apple has patched two zero-day vulnerabilities associated with the Mail app in iOS. These flaws could allow an attacker to execute arbitrary code in the Mail app or in the ‘maild process’ that assists the Mail app behind the scenes. The flaws impact iOS version 6 and 13.4.1.

Zoom updates its security measures

Zoom has added extra encryption modules as a part of security measures in the new version of its software. The update comes after a report from the University of Toronto’s Citizen Lab which found that Zoom routed some meeting encryption keys through China.

Related Threat Briefings