
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 11, 2020

An interesting case of a large-scale Tor relay hijack has come to notice in the last 24 hours. Since January 2020, an unidentified group has been adding servers to the Tor network in order to perform SSL stripping attacks on Tor users accessing cryptocurrency-related sites. By May, the group was running 380 malicious Tor exit relays.

Apart from this, the threat landscape saw enhancements to the Avaddon ransomware and the Agent Tesla trojan. The former's operators have launched a data leak site, which currently hosts 3.5 MB of documents stolen from a construction company, while the latter has gained new modules for stealing credentials from applications.

Top Breaches Reported in the Last 24 Hours

Garmin pays ransom

Garmin has reportedly paid a ransom to recover a decryption key for files encrypted by the WastedLocker ransomware. The attack had occurred on July 23, affecting Garmin’s fitness-tracker services, customer-support outlets, and commercial aviation offerings. The encrypted files were appended with .garminwasted extension.

Data leak site for Avaddon launched

Avaddon ransomware operators are the latest gang to launch a data leak site for pressuring victims who refuse to pay. The site currently hosts 3.5 MB of documents stolen from a construction company.

MSU breached

Michigan State University (MSU) has disclosed a breach that exposed the credit card and personal information of roughly 2,600 customers. The attackers injected malicious skimming scripts into the university's online store to harvest data entered by shoppers.

Hacking campaign

A large-scale hacking campaign aimed at government and university websites is underway. The compromised sites are being used to host articles on how to hack social network accounts; the links in those articles lead to malware and scams. One of the compromised websites belongs to UNESCO.

Tor exit relays hijacked

An unidentified threat group has been found adding servers to the Tor network in order to perform SSL stripping attacks against users accessing cryptocurrency-related sites through the Tor Browser. Because an exit relay sees the traffic between the Tor network and the destination site, a malicious exit can intercept a plaintext HTTP request, fetch the HTTPS version itself, and hand the user a downgraded plaintext response that it can read and modify. The group managed 380 malicious Tor exit relays at its peak.
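As an added illustration of the SSL stripping technique behind this item (example code written for this page, not part of the Cyware briefing and not the threat group's tooling), the Python below models the downgrade a malicious exit relay performs on a client's first plaintext request, and the HSTS-based check that closes the window: a browser that already knows a host requires HTTPS upgrades the request before it leaves the machine, so the exit only ever sees TLS. The host exchange.example, the sample response, and the function names are constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HttpResponse:
    status: int
    headers: dict
    body: str


# Constructed sample (fictional host): what the honest origin returns when a
# client first asks for the plaintext http:// version of the site.
HONEST = HttpResponse(
    status=301,
    headers={
        "Location": "https://exchange.example/login",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    },
    body='<a href="https://exchange.example/deposit">Deposit</a>',
)


def strip_tls(resp: HttpResponse) -> HttpResponse:
    """Model of the malicious exit relay (hypothetical, for illustration).

    The exit speaks HTTPS to the origin itself but hands the client a
    plaintext version: the HTTPS redirect is rewritten to http://, every
    https:// link in the body is downgraded, and the HSTS header is dropped
    so the browser never learns that this host requires TLS. Once the
    session stays on plaintext, the relay can read and alter page content.
    """
    headers = {
        k: v for k, v in resp.headers.items()
        if k.lower() != "strict-transport-security"
    }
    if "Location" in headers:
        headers["Location"] = re.sub(r"^https://", "http://", headers["Location"])
    body = re.sub(r"https://", "http://", resp.body)
    return HttpResponse(resp.status, headers, body)


def client_request_url(url: str, hsts_cache: set) -> str:
    """URL the client actually sends for a navigation.

    With a cached (or preloaded) HSTS entry for the host, the browser upgrades
    http:// to https:// before the request leaves the machine, so the exit
    relay only ever sees TLS and has nothing to strip. On a first visit to an
    unknown host the plaintext request goes out unchanged, which is the
    window the attack needs.
    """
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in hsts_cache:
        return urlunsplit(("https",) + tuple(parts[1:]))
    return url


def looks_stripped(resp: HttpResponse, host: str, hsts_cache: set) -> bool:
    """Client-side signal that a plaintext response was tampered with.

    For a host already known to require HTTPS, either red flag is enough:
    the redirect target was downgraded to http://, or the HSTS header the
    host is known to send is missing. On a first visit there is nothing to
    compare against, which is exactly why the attack targets first visits.
    """
    if host not in hsts_cache:
        return False
    location = resp.headers.get("Location", "")
    downgraded = location.startswith("http://")
    hsts_missing = not any(
        k.lower() == "strict-transport-security" for k in resp.headers
    )
    return downgraded or hsts_missing


if __name__ == "__main__":
    victim = strip_tls(HONEST)
    print("first visit, no HSTS knowledge ->",
          client_request_url("http://exchange.example/", set()))
    print("stripped redirect:", victim.headers.get("Location"))
    print("stripped body:", victim.body)
    print("with HSTS cached ->",
          client_request_url("http://exchange.example/", {"exchange.example"}))
    print("tamper signal:",
          looks_stripped(victim, "exchange.example", {"exchange.example"}))
```

The practical takeaway is that the defence is decided before the request reaches the exit: a site that sends HSTS (ideally on the preload list) denies a malicious relay the plaintext first request it needs, and a client that never issues http:// to such a host has nothing to detect after the fact.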

Top Malware Reported in the Last 24 Hours

Agent Tesla upgraded

The Agent Tesla remote access trojan now comes with additional modules for stealing credentials from applications, including popular web browsers, VPN software, and FTP clients. The malware is currently popular with operators of Business Email Compromise (BEC) scams, who use the stolen credentials to take over mailboxes.

Top Vulnerabilities Reported in the Last 24 Hours

Google Chrome browser bug

A Content Security Policy (CSP) bypass vulnerability found in Chrome, Opera, and Chromium-based Edge can allow attackers to steal data and execute malicious code in pages that rely on CSP to block injected scripts. Because CSP is a defence in depth rather than an entry point, an attacker first needs a way to place content on the target page, for example by gaining access to the web server. The bug, which scored 6.5 on the CVSS scale, has been fixed in Chrome version 84.

vBulletin fixes RCE bug

vBulletin has fixed a zero-day preauthentication remote code vulnerability in its forum software. The flaw affects versions 5.0 through 5.4 and is tracked as CVE-2019-16759. It can allow attackers to execute any PHP command on the remote server without logging into the forum.

Vulnerable Samsung

Four vulnerabilities in Samsung's 'Find My Mobile' feature could have been chained to abuse the remote-management capabilities the feature exposes. The flaws affected the Samsung Galaxy S7, S8, and S9+ before the vendor released a patch.

Top Scams Reported in the Last 24 Hours

Office 365 users targeted

Scammers are targeting Office 365 customers in a new phishing campaign sent from compromised accounts, which lets the messages pass sender-reputation checks. The email masquerades as an encrypted-message notification for a OneDrive for Business file. If recipients click the link, they are redirected to a phishing site that asks for their usernames and passwords.

Fake cPanel advisory

In a recent phishing campaign, scammers sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. To make it look authentic, the attackers incorporated the cPanel logo in the emails. The purpose of the scam was to steal users' cPanel account credentials.
