Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 30, 2022
Many top cybercriminal groups work together to carry out successful attacks. Security experts recently uncovered three such campaigns in which multiple malware strains, including ModernLoader and RedLine Stealer, were used against users and organizations. Meanwhile, things got worse for millions of indebted students in the U.S. after their personal and loan data was exposed in a cyberattack. Sophisticated hackers may use these personal details to craft phishing messages and harm them further.
Researchers have described scenarios that hackers could exploit to steal the Okta credentials of legitimate users. The trick involves using admin credentials to request changes to the details of existing users’ accounts.
Russian streaming platform compromised
START, a Russian streaming service, fell victim to a ransomware attack, affecting the personal information of its 44 million customers. According to a Telegram channel, hackers have posted screenshots as proof of the stolen 72GB database. While a majority of the victims are in Russia, the incident includes millions of victims from Kazakhstan, China, and Ukraine as well.
Loan data of 2.5 million individuals leaked
A breach event at Oklahoma Student Loan Authority (OSLA) and EdFinancial exposed loan data for nearly 2.5 million individuals. The incident itself occurred at their technology services provider, Nelnet Servicing, which gives students access to their loan accounts. Officials stated that no financial account numbers or any form of payment information were exposed.
World’s top book distributor under attack
A ransomware attack crippled one of the largest distributors, Baker & Taylor, causing disruptions to its business-critical systems. The attack reportedly impacted its phone systems, service centers, and other systems. The distributor didn’t disclose the name of the ransomware family involved in the incident or confirm the data stolen.
Malware served in Amazon gift cards
Cisco Talos has reported on cybercriminals dropping ModernLoader RAT and RedLine Stealer in three different campaigns. In one of the campaigns earlier this year, XMRig cryptomining malware was also observed being delivered. Attackers compromise vulnerable web apps to host their malware, which is delivered via files masquerading as Amazon gift cards.
Impersonation threat hovers over Okta
Researchers from cloud identity firm Permiso claimed that the legitimate process of changing credential details within Okta can be abused by an unauthenticated user to impersonate a verified user. The attack requires the credentials of either an Okta super administrator or an application administrator, which can be phished or bought through dark web leaks. If not, a hacker with the ability to bypass MFA can also steal user credentials.