
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 3, 2023

Financial and insurance services in Europe are under attack by Raspberry Robin (also known as the QNAP worm), which exhibited highly sophisticated anti-analysis tactics in its latest campaign. One of the ways hackers propagated the malware was via fraudulent ads redirecting victims to infected sites. In other news, customers of a Colombian cooperative bank are being targeted by threat actors using BitRAT in a social engineering attack.

Furthermore, Taiwan-based networking and storage solutions provider Synology warned customers about patches addressing critical vulnerabilities in Synology VPN Plus Server and the Synology Router Manager (SRM).

Top Breaches Reported in the Last 24 Hours

Data of millions exposed in Malaysia

CyberSecurity Malaysia is investigating a massive breach concerning about 13 million individuals in the country. The alleged breach reportedly involved data from the Election Commission, Maybank, and satellite broadcaster Astro. The exposed information may include full names, dates of birth, addresses, usernames, and identity numbers.

Misconfigured server risks 6GB data

A top Enterprise Resource Planning (ERP) software provider in the U.S. was found exposing the personal information of over half a million Indian jobseekers owing to an unprotected Elasticsearch server. All in all, more than 6GB worth of data was available for public access. Researchers noted that the server also exposed the company’s employee data.

Top Malware Reported in the Last 24 Hours

BitRAT operators abuse stolen data

The network of a Colombian cooperative bank was compromised to steal customer data. Now, BitRAT operators have launched a phishing campaign that uses the stolen sensitive customer data to lure victims into downloading the malware. Notably, security experts found no signs of such information on any dark web or clear web forum.

Raspberry Robin crawls across Europe

Cybercriminals were found infecting Spanish and Portuguese-speaking organizations with the Raspberry Robin worm. In one instance, hackers downloaded a 7-Zip file from the compromised victim's browser. Hackers also distributed the malware through fraudulent ads on malicious domains.

Top Vulnerabilities Reported in the Last 24 Hours

Bug advisories by Synology

Synology has issued two new vulnerability advisories informing customers about the availability of patches for multiple critical flaws. One of them discusses vulnerabilities in Synology VPN Plus Server and the other one refers to multiple flaws in the Synology Router Manager (SRM).
