
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 21, 2021

The illicit trade of stolen data continues to flourish on the dark web. Now, a data trove of 77 million user records of Nitro PDF was leaked online. BuyUCoin suffered a similar fate with sensitive personal and financial details of 325,000 users getting leaked on the dark web.

On the malware front, a new malvertising campaign, dubbed LuckyBoy, was found targeting iOS, Android, and Xbox users. Meanwhile, the attackers behind the CursedGrabber malware family made a comeback with three malicious NPM packages.

The last 24 hours also saw the discovery and mitigations for a number of critical vulnerabilities affecting software made by Cisco, SAP, Google, and Facebook, among others.

Top Breaches Reported in the Last 24 Hours

Nitro PDF database leaked

Hackers leaked a 14GB database containing the names, email addresses, and passwords of more than 77 million Nitro PDF user records for free. The database has also been added to the “Have I Been Pwned” service, which lets victims check whether their data has been compromised and leaked on the Internet.

BuyUCoin user records exposed

The sensitive data of 325,000 users of the BuyUCoin cryptocurrency exchange was leaked on the dark web. It included the users’ names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details, and deposit history.

MyFreeCams database sold on hacker forum

A database of 2 million user records belonging to MyFreeCams, an adult streaming site, is being sold on a hacker forum. In December 2020, the data was exfiltrated from the company servers via an SQL injection attack.

Top Malware Reported in the Last 24 Hours

LuckyBoy hits mobile users

A malvertising campaign, dubbed LuckyBoy, has been found targeting iOS, Android, and Xbox users by leveraging obfuscation and cloaking techniques to avoid detection. Since last month, the campaign has penetrated more than 10 demand-side platforms (DSPs) and impacted users in the U.S. and Canada.

More insights into SolarWinds hack

Microsoft released a report outlining the activities and the techniques of the threat actor behind the SolarWinds attack, including their anti-forensic behavior, malware delivery methods, and operational security (OPSEC).

The return of CursedGrabber attackers

Researchers reported the return of the attackers behind the CursedGrabber malware family, which utilizes brandjacking and typosquatting techniques against software supply chains. The attackers published three new malicious NPM packages designed to steal information.

Top Vulnerabilities Reported in the Last 24 Hours

Logic flaws in video chat apps

Researchers at Google discovered logic bugs in multiple video chat apps, such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. The now-patched bugs could have allowed attackers to eavesdrop on their targets even before they accepted an incoming call.

NVIDIA patches Shield TV and GPU Display Driver

NVIDIA has newly disclosed three security flaws in Shield TV, which could lead to denial of service, escalation of privileges, and data loss. The company also issued an updated security advisory for a number of security bugs in its GPU Display Driver.

Critical bugs in Cisco SD-WAN

Cisco issued patches for eight critical vulnerabilities in its SD-WAN solutions for business users. All these vulnerabilities, comprising buffer overflow, command injection, and insufficient input validation issues, were given CVSS scores of more than 9 out of 10.

Exploit for SAP SolMan flaw

A functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager (SolMan) product was made public on GitHub. Tracked as CVE-2020-6207 and having a CVSS score of 10, the security flaw is a missing authorization check in the EEM Manager component of SolMan.

Top Scams Reported in the Last 24 Hours

Credential stealing campaign

A new large-scale, global phishing campaign was found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The stolen credentials were, incidentally, left exposed to the public internet.
