Cyware Daily Threat Intelligence
Daily Threat Briefing • Dec 3, 2021
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Dec 3, 2021
‘Patch early, patch often,’ this is what the CISA recommends as it issues a new list of actively exploited flaws. The list currently features 306 vulnerabilities, with some as old as 2010. These vulnerabilities affect products from Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, Zoho, and IBM. That’s not all. Security researchers have found a total of 226 flaws affecting nine popular WiFi routers, including the likes of Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.
Meanwhile, a broken API became the last straw for a major hack incident at the BadgerDAO DeFi platform that enabled attackers to steal over $120 million from multiple cryptocurrency wallets.
Get ready! Now you not only have to take precautions against the Omicron virus but also Omicron viral scams. Scammers are leveraging the latest COVID-19 variant to create a sense of urgency by offering a free PCR test from the NHS.
Top Breaches Reported in the Last 24 Hours
BadgerDAO DeFi platform hacked
Hackers stole over $120 million from multiple cryptocurrency wallets linked to the BadgerDAO DeFi platform. In another instance, MonoX Finance was hacked by threat actors to steal $31 million. Both incidents were carried out by exploiting vulnerabilities in the services.
Over 300,000 records exposed
A leaky Elasticsearch database belonging to a Chinese ERP provider leaked 500MB of data containing 329,000 records of buyers. The exposed data included phone numbers, email addresses, and the billing information of buyers. The unprotected database was exposed for over a year, since November 2020.
Top Malware Reported in the Last 24 Hours
Tor2Mine malware evolves
The Tor2Mine malware has been updated with new evasion tactics. According to new research, the new variant includes a PowerShell script that can disable malware protection, execute the miner payload, and steal Windows administrator credentials. The malware variant also attempts to shut down anti-malware protection and install the miner code on compromised devices.
Top Vulnerabilities Reported in the Last 24 Hours
Popular WiFi vulnerable to 226 flaws
Security researchers analyzed nine popular WiFi routers that are vulnerable to 226 flaws. The affected devices are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys. Out of these, TP-Link Archer AX6000 has 32 flaws and Synology RT-2600ac has 30 security bugs.
Mass exploitation of Zoho ManageEngine
In a joint advisory, the FBI and CISA have warned about attackers actively exploiting a new vulnerability in Zoho ManageEngine ServiceDesk Plus to launch attacks. Tracked as CVE-2021-44077, the remote code execution flaw affects versions prior to 11305 of the software. The vulnerability has been addressed with version 11306 of the software.
CISA issues list of actively exploited flaws
The CISA has also issued a new list of actively exploited vulnerabilities, one of which is linked to Zoho’s ManageEngine vulnerability. Other vulnerable software include Qualcomm, Mikrotik, and Apache. The agency has urged organizations to update the software to stay safe.
Top Scams Reported in the Last 24 Hours
Omicron used as a phishing lure
Threat actors have started to exploit the fear around the latest COVID-19 variant Omicron to dupe users in phishing campaigns. The U.K authorities and the NHS are warning users about the phishing attack that is distributed via phishing emails. Some of these emails appear to be from the NHS offering a free Omicron PCR test. They include a malicious link that redirects recipients to a fake NHS website that asks them to provide their personal details.