Cyware Daily Threat Intelligence
Daily Threat Briefing • Jan 3, 2023
Financial and insurance services in Europe are under attack by Raspberry Robin (also known as the QNAP worm), which exhibited highly sophisticated anti-analysis tactics in its latest campaign. One of the ways hackers propagated the malware was via fraudulent ads redirecting victims to infected sites. In other news, customers of a Colombian cooperative bank are being targeted by threat actors using BitRAT in a social engineering attack.
Furthermore, Taiwan-based networking and storage solutions provider Synology warned customers about patches addressing critical vulnerabilities in Synology VPN Plus Server and the Synology Router Manager (SRM).
Data of millions exposed in Malaysia
CyberSecurity Malaysia is investigating a massive breach affecting about 13 million individuals in the country. The alleged breach reportedly involved data from the Election Commission, Maybank, and satellite broadcaster Astro. The information exposed may include full names, dates of birth, addresses, usernames, and identity numbers.
Misconfigured server risks 6GB data
A top Enterprise Resource Planning (ERP) software provider in the U.S. was found exposing the personal information of over half a million Indian jobseekers owing to an unprotected Elasticsearch server. All in all, more than 6GB worth of data was available for public access. Researchers noted that the server also exposed the company’s employee data.
BitRAT operators abuse stolen data
The network of a Colombian cooperative bank was compromised to steal customer data. Now, BitRAT operators have launched a phishing campaign that uses the stolen sensitive data to lure customers into downloading the malware. Notably, security experts found no signs of such information on any dark web or clear web forum.
Raspberry Robin crawls across Europe
Cybercriminals were found infecting Spanish- and Portuguese-speaking organizations with the Raspberry Robin worm. In one instance, hackers downloaded a 7-Zip file from the compromised victim's browser. Hackers distributed the malware through fraudulent ads on malicious domains as well.
Bug advisories by Synology
Synology has issued two new vulnerability advisories informing customers about the availability of patches for multiple critical flaws. One of them covers vulnerabilities in Synology VPN Plus Server, and the other covers multiple flaws in the Synology Router Manager (SRM).