
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 9, 2022

Phishing is a simple yet powerful technique to trick people. A hacker group has been redirecting users to LogoKit, a malicious phishing kit, through open redirect vulnerabilities in online services and apps. Sadly, not many online services treat these bugs as critical. Moreover, email phishing worked on an employee at an email marketing firm, letting a hacker successfully harvest crypto-related user data. The stolen data is now at the mercy of hackers.

Windows 11-supported CPUs have found themselves in new trouble. Windows devices that support the newest Vector Advanced Encryption Standard (VAES) instructions were found to be exposed to a risk of data loss owing to security lapses. Microsoft says affected users may also have noticed performance glitches and advises them to install the updates.

Top Breaches Reported in the Last 24 Hours

Data incident at Klaviyo

Email marketing firm Klaviyo disclosed a breach wherein an unauthenticated user stole an employee's credentials via a phishing attack. The hacker accessed its internal systems and downloaded information regarding cryptocurrency-related accounts. The victim firm also issued a warning to customers against targeted phishing or smishing attacks using the stolen data.

Misconfigured AWS bucket

PlatformQ, a provider of digital engagement solutions for healthcare and educational institutions, has experienced a data exposure event caused by an unprotected database server. Findings by VPNOverview suggest that it concerns the data of roughly 100,000 doctors, nurses, and other healthcare professionals employed with major hospitals across the U.S.

Top Malware Reported in the Last 24 Hours

New botnet enslaves over 3,000 hosts

Qihoo 360's Netlab has unearthed the new Orchard botnet, which uses Bitcoin creator Satoshi Nakamoto's account transaction information to generate its DGA domain names. A domain generation algorithm (DGA) is a technique botnets use to hide their C2 servers behind constantly changing domains. The botnet is primarily used to fetch additional payloads onto a targeted system. Orchard has reportedly been revised thrice since February 2021.

LogoKit via open redirect vulnerabilities

Researchers at Resecurity have observed hackers abusing open redirect vulnerabilities in the domains and apps of online services, such as Snapchat, to bait unsuspecting users. Because the lure link points at a trusted domain, the tactic lets hackers deliver phishing content while dodging spam filters. The specially crafted URLs then bounce users to malicious resources hosting a phishing kit called LogoKit.
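The open redirect bug that makes this lure possible is a redirect handler that forwards the user to whatever target a query parameter names. The following Python is an added example written for this briefing, not code from Resecurity, Snapchat or any of the services mentioned; it shows the vulnerable pattern next to a hardened version that only follows relative paths on the site's own origin or hosts on an explicit allowlist. The site origin `https://app.example.com`, the allowlisted host `help.example.com` and the test inputs are constructed placeholders, and the backslash normalisation is one defensive choice rather than a requirement of any standard.

```python
from urllib.parse import urlsplit, urljoin

# Constructed example values: the origin being protected and the only
# external host it is allowed to hand users off to (hypothetical names).
SITE_ORIGIN = "https://app.example.com"
ALLOWED_EXTERNAL_HOSTS = {"help.example.com"}


def vulnerable_redirect_target(next_url: str) -> str:
    """The classic open-redirect pattern: trust the ?next= value outright.

    A link such as https://app.example.com/login?next=//evil.example would be
    forwarded as-is, so the trusted domain in the link vouches for an
    attacker-chosen destination.
    """
    return next_url


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return a redirect target that stays on our origin or an allowlisted host.

    Anything that does not pass the checks falls back to `default`, so a crafted
    link can no longer bounce the visitor off-site to a phishing page.
    """
    if not next_url:
        return default

    # Browsers treat backslashes as slashes in the authority part of a URL, so
    # normalise first; otherwise "/\evil.example" would parse as a local path.
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme == "" and parts.netloc == "":
        # Relative path: resolve it against our origin and confirm the
        # resolved URL still lives on our host.
        resolved = urljoin(SITE_ORIGIN + "/", candidate)
        if urlsplit(resolved).netloc == urlsplit(SITE_ORIGIN).netloc:
            return resolved
        return default

    # Scheme-relative URLs ("//evil.example") arrive here with an empty scheme,
    # as do javascript: and data: URLs with a non-web scheme; reject them all.
    if parts.scheme not in ("http", "https"):
        return default

    # .hostname strips any userinfo, so "https://app.example.com@evil.example"
    # is evaluated as evil.example rather than as our own host.
    host = parts.hostname or ""
    own_host = urlsplit(SITE_ORIGIN).hostname
    if host == own_host or host in ALLOWED_EXTERNAL_HOSTS:
        return candidate
    return default


if __name__ == "__main__":
    # Constructed sample of the kinds of ?next= values a redirect handler sees.
    samples = [
        "/account/settings",
        "//evil.example/login",
        "/\\evil.example",
        "https://app.example.com@evil.example/",
        "https://help.example.com/docs",
        "javascript:alert(1)",
    ]
    for sample in samples:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)}")
```

Running the block prints each sample beside the destination the hardened handler would actually use; only the local path and the allowlisted host survive, while the scheme-relative, backslash, userinfo and `javascript:` variants all collapse to `/`. The same check can be reused in a detection rule: a request whose `next` parameter fails `safe_redirect_target` is worth logging, since it is exactly the shape of link the lure campaign described above depends on.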

Top Vulnerabilities Reported in the Last 24 Hours

Windows systems found flawed

Microsoft announced that Windows devices supporting the newest Vector Advanced Encryption Standard (VAES) instructions are affected by a flaw that can damage data on Windows 11 and Windows Server 2022. The affected devices use either AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES with Galois/Counter Mode (AES-GCM) on the new hardware. Windows updates KB5014746 and KB5014019 address the issue.

Two vulnerabilities in Exim, one critical

Mail transfer agent Exim was found affected by two flaws, one of which falls in the most severe category because it allows remote code execution. The critical flaw, identified as CVE-2022-37451, can allow an attacker to execute commands as the root user and then install programs, manipulate data, or create a new account. Exim versions prior to 4.96 are impacted by the flaws.

Top Scams Reported in the Last 24 Hours

Classiscam forays into Singapore

Classiscam, a well-coordinated, high-profile scam-as-a-service operation, has reached Singapore after spreading across 64 countries in Europe and Asia. Experts at Group-IB say these scammers pose as legitimate buyers with the intention of harvesting users' payment data. Notably, the cybercriminals rely heavily on Telegram bots for their operation. The scammer gang was most active during the pandemic.
