We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Dec 3, 2021

‘Patch early, patch often,’ this is what the CISA recommends as it issues a new list of actively exploited flaws. The list currently features 306 vulnerabilities, with some as old as 2010. These vulnerabilities affect products from Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, Zoho, and IBM. That’s not all. Security researchers have found a total of 226 flaws affecting nine popular WiFi routers, including the likes of Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.

Meanwhile, a broken API became the last straw for a major hack incident at the BadgerDAO DeFi platform that enabled attackers to steal over $120 million from multiple cryptocurrency wallets.

Get ready! Now you not only have to take precautions against the Omicron virus but also Omicron viral scams. Scammers are leveraging the latest COVID-19 variant to create a sense of urgency by offering a free PCR test from the NHS.

Top Breaches Reported in the Last 24 Hours

BadgerDAO DeFi platform hacked

Hackers stole over $120 million from multiple cryptocurrency wallets linked to the BadgerDAO DeFi platform. In another instance, MonoX Finance was hacked by threat actors to steal $31 million. Both incidents were carried out by exploiting vulnerabilities in the services.

Over 300,000 records exposed

A leaky Elasticsearch database belonging to a Chinese ERP provider leaked 500MB of data containing 329,000 records of buyers. The exposed data included phone numbers, email addresses, and the billing information of buyers. The unprotected database was exposed for over a year, since November 2020.

Top Malware Reported in the Last 24 Hours

Tor2Mine malware evolves

The Tor2Mine malware has been updated with new evasion tactics. According to new research, the new variant includes a PowerShell script that can disable malware protection, execute the miner payload, and steal Windows administrator credentials. The malware variant also attempts to shut down anti-malware protection and install the miner code on compromised devices.

Top Vulnerabilities Reported in the Last 24 Hours

Popular WiFi vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers that are vulnerable to 226 flaws. The affected devices are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys. Out of these, TP-Link Archer AX6000 has 32 flaws and Synology RT-2600ac has 30 security bugs.

Mass exploitation of Zoho ManageEngine

In a joint advisory, the FBI and CISA have warned about attackers actively exploiting a new vulnerability in Zoho ManageEngine ServiceDesk Plus to launch attacks. Tracked as CVE-2021-44077, the remote code execution flaw affects versions prior to 11305 of the software. The vulnerability has been addressed with version 11306 of the software.

CISA issues list of actively exploited flaws

The CISA has also issued a new list of actively exploited vulnerabilities, one of which is linked to Zoho’s ManageEngine vulnerability. Other vulnerable software include Qualcomm, Mikrotik, and Apache. The agency has urged organizations to update the software to stay safe.

Top Scams Reported in the Last 24 Hours

Omicron used as a phishing lure

Threat actors have started to exploit the fear around the latest COVID-19 variant Omicron to dupe users in phishing campaigns. The U.K authorities and the NHS are warning users about the phishing attack that is distributed via phishing emails. Some of these emails appear to be from the NHS offering a free Omicron PCR test. They include a malicious link that redirects recipients to a fake NHS website that asks them to provide their personal details.

Related Threat Briefings