Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 10, 2021
With the expansion of the attack surface, cybercriminals have a lot of opportunities to come up with ingenious schemes to proliferate. One such threat actor was found leaking a million card details for free on hacking forums to promote their carding marketplace. Talking about creative scams, a fake phishing site is targeting scammers and thieves. Karma? Can’t say.
In another vein, specific Synology devices are being targeted by a new ransomware variant that has already claimed quite a few victims. Lastly, an authentication bypass flaw was found being exploited in the wild to target routers and IoT devices.
Top Breaches Reported in the Last 24 Hours
Joplin pays ransom
The City of Joplin was hit by a ransomware attack last month, forcing the government to shut down its computer systems to contain the threat. The city's insurer paid a ransom of $320,000 to stop the attackers from leaking the stolen data. The investigation into the attack is ongoing.
Chanel Korea apologizes
A recent cyberattack on Chanel Korea leaked the personal data—names, phone numbers, dates of birth, and shopping histories—of some customers. The company apologized for the security incident and claimed to have blocked the IP address of the hacker.
Credit cards stolen
A new criminal carding marketplace—AllWorld Cards—is being promoted by a threat actor who has published a million credit cards stolen between 2018 and 2019. In a random sample of 98 cards, 27% were still active.
Top Malware Reported in the Last 24 Hours
I(I)Spy a backdoor
A previously undocumented backdoor has been spotted by ESET researchers. Dubbed IISpy, the backdoor runs as a native extension (module) for Internet Information Services (IIS). It is capable of evading detection, interfering with the server's logging, and conducting long-term cyberespionage.
New ransomware variant
A new strain of the eCh0raix ransomware is targeting both Synology NAS and QNAP NAS devices. Findings through June suggest that the gang has earned a considerable amount in ransom payments from Small Office and Home Office (SOHO) users.
Threat actor found stealing
ITG18—a threat actor linked to an Iranian APT group—deployed an Android backdoor to pilfer confidential information from at least 20 Iranian reformists. The campaign was active between August 2020 and May 2021 and used LittleLooter, a previously undocumented malware.
Top Vulnerabilities Reported in the Last 24 Hours
Auth bypass flaw abused
An authentication bypass bug in routers and IoT devices is being actively abused by threat actors. Tracked as CVE-2021-20090, the flaw was disclosed last week and affects 20 vendors and ISPs, including ASUS, ADB, Arcadyan, and British Telecom, among others.
Urgent update alert!
Pulse Secure has issued an urgent patch for a critical post-authentication RCE bug in its Connect Secure VPN devices. This patch comes after an incomplete patch issued in October 2020 for the same flaw, tracked as CVE-2020-8260.
Top Scams Reported in the Last 24 Hours
Scammers being scammed
Security researchers reported a fake version of the Briansclub[.]com carding shop that was using a similar domain to lure users. The fake website was siphoning off the funds deposited by cybercriminal users of the infamous carding shop.