Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 18, 2021
Magecart groups are setting their sights on more digital skimming attacks as they reshape their evasion tactics. They are now hiding their JavaScript skimmers, phishing domains, and other malicious tools behind a bulletproof hosting service called Media Land.
Not a day in cyberland passes without news of ransomware attacks. Now, the Scottish Environment Protection Agency (SEPA) has disclosed that it has been struggling for almost a month following an attack. To add to its woes, the Conti ransomware gang has published around 1.2 GB of data stolen from the agency.
Top Breaches Reported in the Last 24 Hours
SEPA attacked
A month after the attack, the ransomware gang has published around 1.2 GB of data stolen from the Scottish Environment Protection Agency (SEPA) on the internet. This includes personal information relating to SEPA staff. The agency is still struggling with the recovery process.
Top Malware Reported in the Last 24 Hours
Bulletproof hosting service
Several Magecart groups are hiding their JavaScript skimmers, phishing domains, and other malicious tools behind a bulletproof hosting service called Media Land. Researchers have found several domains registered with Media Land since 2018 using at least two email addresses and other aliases.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable FTTH ONT routers
At least 28 backdoor accounts and several other vulnerabilities have been found in the firmware of a popular FTTH ONT router that is widely used across South America and Southeast Asia. The issues include authentication weaknesses, hardcoded passwords, and privilege escalation.
VoIP vulnerability
Operators of the open source servers that power VoIP platforms have been urged to apply software updates owing to a remote code execution vulnerability in CoTURN. Attackers can exploit the flaw to bypass CoTURN servers' default access control rules and reach network services behind the firewall.
Top Scams Reported in the Last 24 Hours
Sextortion scams on the rise
The U.K. police have been warned about the increased rate of sextortion scams during the pandemic. The scammers are leveraging Facebook, Zoom, and popular dating apps. Authorities have therefore asked citizens to be vigilant of such scams and not to share personal details.
Vishing attacks
The FBI has issued a notification about ongoing vishing attacks aimed at stealing corporate accounts and credentials from employees worldwide for network access and privilege escalation. During the attack, the attackers trick the targeted employees into logging in on a phishing webpage.