
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 1, 2021

While organizations are yet to recover from the hard-hitting SolarWinds attack, another supply chain attack has landed on security experts’ investigation list. Dubbed NightScout, the cyber-espionage operation targeted BigNox to deliver three malware families to victims in five countries, including Taiwan, Hong Kong, and Sri Lanka.

A clever tech support scam with unique evasion techniques has also come to researchers’ attention. As part of the scam, the phishers are manipulating Google search results to push malicious Home Depot ads.

Top Breaches Reported in the Last 24 Hours

BigNox targeted

A mysterious hacking group has targeted BigNox, the company that makes the NoxPlayer Android emulator, in a highly targeted supply chain attack. Based on evidence gathered by researchers, a threat actor compromised one of the company’s official API and file hosting servers. So far, three malware families have been spotted being distributed through fake NoxPlayer updates to victims located in Taiwan, Hong Kong, and Sri Lanka.

UKRI attacked

The UK Research and Innovation (UKRI) is dealing with a ransomware attack that encrypted data and impacted two of its services. Currently, there is no evidence that the attackers stole any data from UKRI’s systems.

Serco hit by ransomware

British services business Serco has been hit by the Babuk Locker ransomware, impacting the firm’s European operations. The ransomware operators have further claimed to have copied more than 1TB of data after hacking the network for about three weeks.

Top Vulnerabilities Reported in the Last 24 Hours

Libgcrypt issues an update

The developers of Libgcrypt have issued an urgent update to tackle a critical heap buffer overflow vulnerability arising due to an incorrect assumption in the block buffer management code. While the flaw has not been assigned a CVE number, the issue has been fixed in version 1.9.1.

Top Scams Reported in the Last 24 Hours

Tech support scam

A malicious Home Depot advertising campaign has been found redirecting Google Search visitors to tech support scams. Once visitors click on the ad, they are redirected through various ad services and ultimately end up on a page that displays an annoying message that reads ‘Windows Defender - Security Warning.’ To make detection more difficult for security professionals, the ads appear to redirect the same IP address to the scam only once every 24 hours.
