Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 19, 2021
As the investigation into the SolarWinds breach continues, the plot only thickens. In a new finding, researchers revealed that the attackers had installed a new hacking tool, dubbed Raindrop, on some systems in an effort to spy on them.
Botnet attacks also made headlines in the past 24 hours. The FreakOut botnet exploits three recent flaws in applications to target Linux devices. On the subject of exploited flaws, researchers have found a set of seven vulnerabilities in dnsmasq, collectively called DNSpooq. Some of these flaws can enable DNS cache poisoning attacks. Over 40 vendors, including Google, Cisco Systems, Siemens, Huawei, General Electric, Ubiquiti Networks, Aruba Networks, and Dell, have been identified among the firms affected by these flaws.
Top Breaches Reported in the Last 24 Hours
IObit hacked
IObit, a Windows utility developer, was hacked to infect a number of its forum users with DeroHE ransomware. Researchers explain that the ransomware adds Windows Defender exclusions to allow the DLL to run. After infection, the ransomware appends the .DeroHE extension to encrypted files and later displays a ransom message.
Livecoin suffers due to cyberattack
Livecoin has announced its closure following a cyberattack that allegedly compromised the firm’s infrastructure and exchange rate setup. As a result, the exchange firm lost control of its servers, backend, and nodes.
Fleek app breach
A data breach originating from the Fleek social media app has been identified by researchers. The exposed information includes explicit content of users.
AnyVan affected
AnyVan, a European online marketplace, has confirmed a cyberattack that involved the theft of customers’ personal data. The incident occurred after attackers gained unauthorized access to its user database.
Top Malware Reported in the Last 24 Hours
New malware from SolarWinds
Researchers have uncovered a new hacking tool named Raindrop that was used in the recent SolarWinds supply chain attack. The tool was installed on some systems in an effort to spy on them.
FreakOut botnet’s new target
Researchers have uncovered a series of attacks against Linux devices by the FreakOut botnet. The attacks are aimed at devices running either TerraMaster Operating System, Zend Framework, or Liferay Portal.
Top Vulnerabilities Reported in the Last 24 Hours
DNSpooq vulnerability
A set of seven vulnerabilities, called DNSpooq, can leave millions of Linux-based devices exposed to cyberattacks. The flaws can allow attackers to redirect users or execute malicious code, and some of them can enable DNS cache poisoning attacks. The flaws affect dnsmasq versions prior to 2.83. Over 40 vendors, including Google, Cisco Systems, Siemens, Huawei, General Electric, Ubiquiti Networks, Aruba Networks, and Dell, have been identified as affected by these flaws.
Top Scams Reported in the Last 24 Hours
Text phishing scam
New York State drivers are being targeted in a new smishing scam that attempts to steal their personal information. The text message asks the drivers to update their driver’s licenses as a part of the ongoing adoption of the REAL ID Act of 2005. The message appears to be from the New York State Department of Motor Vehicles (DMV).