Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 20, 2021

A new and powerful variant of the Mozi botnet has emerged, aiming to target new networking systems. The variant uses DNS spoofing and HTTP session hijacking attacks to compromise endpoint systems. Among the malware attacks discovered in the last 24 hours, Australians are being targeted in a new text message scam that leads to the download of the FluBot trojan onto their Android devices.

Meanwhile, LinkedIn users need to be vigilant about the ongoing fake job listing scheme that is being used by threat actors to accomplish their malicious purposes.

Top Breaches Reported in the Last 24 Hours

AT&T users’ data on sale

The ShinyHunters threat actor group has been found selling 70 million AT&T users’ records on an underground forum. The data on sale allegedly includes full names, social security numbers, email addresses, and dates of birth of users. The gang is selling the database for a starting price of $200,000.

Top Malware Reported in the Last 24 Hours

A new version of Mozi botnet

A new version of the Mozi botnet is now capable of using DNS spoofing and HTTP session hijacking attacks to compromise endpoint systems. Furthermore, it has gained new capabilities to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE.

FluBot targets Australians

Thousands of Android users in Australia have been hit by a new scam text message that distributes FluBot malware. The malware gives the attackers access to a user’s contact list, and those contacts can become potential targets.

Top Vulnerabilities Reported in the Last 24 Hours

Unofficial patch for PetitPotam flaw

An unofficial security patch has been released for the newly found PetitPotam vulnerability. The flaw, tracked as CVE-2021-36942, is a remote code execution issue that abuses the Encrypting File System Remote (MS-EFSRPC) protocol.

Vulnerable BIND DNS software

A high-severity DoS vulnerability affecting the BIND DNS software can be exploited to crash systems remotely. The flaw is tracked as CVE-2021-25218 and affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions 9.16.20, 9.17.17, and 9.16.20-S1.

A flaw in Autodesk software

Security researchers discovered a new vulnerability in the Autodesk software component that can allow attackers to install malicious programs, modify data, or create new accounts with full user rights. The flaw, CVE-2021-27032, lies in the default permissions assigned to the Autodesk Licensing Service, which runs as a locally privileged operating system account.

Top Scams Reported in the Last 24 Hours

Fake LinkedIn job listings

Scammers are creating fake job listings on LinkedIn to attract eligible applicants for malicious purposes. In one such instance, victims were redirected to a phishing website that was designed to harvest their personal details.

False payment scheme

Threat actors are using fake monetization schemes to lure users and pilfer their credentials. The campaign imitates well-known banking services to send fake remittance payment documents to potential targets.
