
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 21, 2020

Secure your routers and IoT devices with the latest security updates, as a newly discovered modular peer-to-peer botnet called FritzFrog has hopped onto the scene. Active since January 2020, the botnet has so far affected more than 500 servers and tens of millions of machines with the aim of dropping backdoors and cryptominers. Some of the victims include well-known universities in the U.S. and Europe.

Meanwhile, the University of Utah paid a ransom of $457,000 to a ransomware gang to prevent the leak of its students’ data online. The university took this major decision even after restoring the affected systems using backups.

Top Breaches Reported in the Last 24 Hours

Cooke County notifies residents

More than 2,000 residents in Cooke County have received a notification about a ransomware attack that occurred in July 2020. The incident, which is reported to be the work of REvil ransomware operators, had resulted in the breach of personal identification information of individuals. Following the attack, the operators had posted a screenshot of the stolen data on the dark web.

The University of Utah pays ransom

The University of Utah has paid a ransom of $457,000 to a ransomware gang to prevent the leak of its students’ data online. The university took this major decision even after restoring the affected systems using backups.

Top Malware Reported in the Last 24 Hours

New FritzFrog botnet

A newly discovered sophisticated peer-to-peer (P2P) botnet called FritzFrog has been active since January 2020. Written in Golang, the botnet has infected over 500 SSH servers, including the ones linked to well-known universities in the U.S. and Europe. Government offices, education and finance firms, medical centers, banks, and telecom companies are among the other affected victims.

Malicious EC2 server

An EC2 server in a financial institution’s Amazon Web Services (AWS) environment was found running a cryptominer meant for mining Monero cryptocurrency. The interesting aspect of the discovery was that the miner had not been planted by exploiting a vulnerability. Instead, it came embedded in the community Amazon Machine Image (AMI) used to create the EC2 instance.

Top Vulnerabilities Reported in the Last 24 Hours

ATM Makers fix bugs

ATM makers Diebold and NCR have deployed fixes for bugs (CVE-2020-9062 and CVE-2020-10124) that could have been exploited for ‘deposit forgery’ attacks. Such attacks can enable attackers to make quick cash withdrawals.

Google patches a bug

Following the revelation of proof-of-concept exploit code, Google took immediate action to patch a major security bug impacting the Gmail and G Suite email servers. The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer. It could have further opened doors for BEC scammers and malware distributors.

Cisco patches a critical flaw

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS). The flaw, tracked as CVE-2020-3446, scores 9.8 on the CVSS scale and can allow attackers to obtain administrator privileges.
