Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 11, 2020
Top Breaches Reported in the Last 24 Hours
Air France-KLM attacked
Attackers attempted to break into Air France-KLM. The criminals first tried to breach the Dutch side of the network; however, the security measures implemented there made the attackers move to the French side. The extent of the breach is currently unknown.
UiPath breached
Tech unicorn UiPath emailed its users to disclose a data breach that exposed personal information about users of UiPath Academy. The leaked information contained names, email addresses, country locations, usernames, company names, and UiPath certification details.
MySQL servers hacked
More than 250,000 databases have been compromised due to an ongoing ransomware attack that abused weak credentials on MySQL servers. The campaign was launched in January and to date, 83,000 victims have been targeted.
Top Malware Reported in the Last 24 Hours
Facebook tracked OceanLotus hackers
APT32, also known as OceanLotus, was formally linked to a Vietnamese IT company—CyberOne Group—by Facebook. The discovery came after the gang was caught exploiting Facebook to hack into people’s accounts and spread malware.
Ransomware attacks target K-12 schools
The FBI and CISA issued a joint warning about the rising number of ransomware attacks against the K-12 educational sector. The five most active ransomware strains targeting K-12 schools include Ryuk, REvil, Nefilim, AKO, and Maze.
Malware attacks on browsers
An ongoing campaign is distributing malware that disrupts the security of web browsers, adds malicious extensions, and makes changes to victims’ systems. The malware, dubbed Adrozek, has been launched against Google, Yandex, Edge, and Firefox. The malware distribution network consists of 159 unique domains that host an average of 17,300 unique URLs, which, in turn, host an average of 15,300 unique malware samples.
Top Vulnerabilities Reported in the Last 24 Hours
Critical flaws in D-Link routers
Critical vulnerabilities discovered in D-Link routers make them susceptible to zero-day attacks. The flaws include an unauthenticated remote LAN/WAN root command injection flaw (CVE-2020-25757), an authenticated root command injection vulnerability (CVE-2020-25759), and an authenticated crontab injection (CVE-2020-25758). The affected models include DSR-150, DSR-250, DSR-500, and DSR-1000AC VPN running firmware versions 3.14 and 3.17.
Top Scams Reported in the Last 24 Hours
Fake data breach alerts
An ongoing phishing scam is targeting Ledger wallet users with fake data breach alerts in an attempt to steal cryptocurrency. The emails state that the user has been impacted by a breach and they should install the latest version of Ledger Live to protect their assets with a new PIN.