Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 9, 2020
Top Breaches Reported in the Last 24 Hours
FireEye hacked
FireEye announced that it was hacked, allegedly by Russian hackers. The firm stated that the attackers had used “novel tools” to evade security tools and forensics. The hackers made off with red team tools that imitate the most sophisticated hacking tools.
Animal Jam breached
Animal Jam, a free-to-play pet simulator, suffered a data breach, resulting in the theft of more than 50 million player records. A database consisting of 900,000 player records, including email addresses and hashed passwords, is being sold on a hacker forum. Another 100,000 records have been leaked as a proof-of-concept sample.
APT28 in action
APT28, a Russian-backed threat group, reportedly brute-forced several Norwegian Parliament email accounts in August. A limited number of email accounts of employees and representatives were stolen, although the nature of the stolen data has not been disclosed.
Fax company database leak
Fax Express, a New Jersey fax company, had more than 500,000 customer emails and passwords leaked on a Russian hacking forum. The database leak originated from cit0day.in leaks, a private service for cybercriminals.
Top Malware Reported in the Last 24 Hours
Phorpiex botnet activity surges
Check Point researchers reported a rise in infections caused by the Phorpiex botnet. Infamous for cryptomining and sextortion spam campaigns, the botnet has been discovered spreading the Avaddon ransomware.
Easy reinstall malware
Sansec researchers discovered malware that is nearly impossible to remove, deployed on various Magento-powered online stores and set to activate automatically on Black Friday. The Magecart actors targeted Magento versions 2.2.3 to 2.2.7 to inject backdoors and credit card stealer scripts.
Top Vulnerabilities Reported in the Last 24 Hours
Bugs in all Kubernetes versions
A medium-severity security bug in Kubernetes, tracked as CVE-2020-8554, can be remotely abused by attackers with basic tenant permissions to conduct low-complexity attacks. The design flaw affects all versions of Kubernetes with multi-tenant clusters. The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from abusing this bug.
Top Scams Reported in the Last 24 Hours
Stealing Target gift cards
Scammers are luring victims to fake sites to check the balance on their Target gift cards. While some crooks have gone to the extent of making a fake website eerily similar to the legitimate one, others have registered the domain targetgiftscard[.]com.