Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Jan 14, 2021

Scammers are off to a great start in 2021 as details of a new and complex Classiscam scheme come into the limelight. Reports reveal that the ongoing widespread scam-as-a service has enabled around 40 cybercriminal gangs to steal over $6.5 million in the year 2020 alone. The modus operandi of the scam involves luring online buyers to pages mimicking classified ads.

Meanwhile, Cisco has announced that over 70 vulnerabilities found in some of its router products will not be fixed as they have reached End-Of-Life. The affected products are Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers.

Top Breaches Reported in the Last 24 Hours

Unsecured database

An unsecured Microsoft Azure Blob belonging to Nohow International was exposed online for a week before it was secured. The database contained sensitive documents of over 12,000 U.K. workers. The exposed information included details on National ID cards, passports, birth certificates, tax returns, and national insurance cards.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed Orbit Fox plugin fixed

Two security vulnerabilities found in an Orbit Fox WordPress plugin have been fixed with the release of the latest versions. The flaws are related to privilege escalation and stored cross-site scripting problems. They can be exploited to take control of a website.

Unpatched Cisco routers

Over 70 vulnerabilities in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers have been planned not to be fixed as these devices have reached EOL. The security bugs exist because user-supplied input to the web-based management interface of the affected router series is not properly validated, thus allowing an attacker to send specially-crafted HTTP requests to exploit these issues.

Top Scams Reported in the Last 24 Hours

Newly discovered Classiscam operation

A newly uncovered Russia-based cybercrime operation dubbed Classiscam has helped classified ads scammers steal more than $6.5 million from users in the U.S, Europe, and former Soviet states. The scam operation began in early 2019, targeting only users of Russian online marketplaces and classified ad portals. The gang expanded to other countries only last year. Currently, Classiscam is active in more than a dozen countries and on foreign marketplaces such as OLX, Fan Courier, Sbazar, DHL, and Allegro.

Related Threat Briefings