Cyware Daily Threat Intelligence


Daily Threat Briefing January 25, 2021

These days, ransomware attackers are following up with DDoS extortion attacks to terrorize their victims. A report claims that threat actors are targeting the same set of organizations again after a failed ransom negotiation, as a part of an advanced extortion process.

Reports of millions of sensitive user records being dumped on popular hacker forums have also come to light. The data belongs to Teespring and MeetMindful and can be accessed on the underground ecosystem.

Top Breaches Reported in the Last 24 Hours

Teespring’s data leaked

A database belonging to Teespring, an e-commerce platform, has been leaked on a popular hacker forum. The files contained in the leaked archive include email addresses and last update dates for around 8 million user accounts.

Australia’s securities regulators hit

A security breach at Australia’s securities regulator has affected a server used to transfer files, including credit license applications. As a precautionary measure, the server has been disabled. The agency has confirmed that no other tech infrastructure has been breached.

Intel Corporation leaks data

An internal error at chipmaker Intel Corp. was the root cause of a data leak. However, the company confirmed that the corporate network was not impacted.

Organizations targeted again

Threat actors behind a DDoS campaign targeted the same set of victims after the organizations failed to pay the initial ransom. The report notes that the victims were targeted by the group in August or September 2020. When the victims failed to pay the initial ransom, the threat actors threatened to hit the organizations with DDoS attacks.

MeetMindful data leak

Details of more than 2.28 million users registered on the MeetMindful dating website have been shared for free on a hacker forum. The leaked data includes sensitive data points such as names, email addresses, physical addresses, marital status, birth dates, and Facebook user IDs.

Top Malware Reported in the Last 24 Hours

New version of DreamBus botnet

A new version of the DreamBus botnet is targeting a wide range of apps that run on Linux systems. The targets include PostgreSQL, Redis, Hadoop YARN, Apache Spark, HashiCorp Consul, SaltStack, and the SSH service. Some of these apps are targeted via brute-force attacks.

Top Vulnerabilities Reported in the Last 24 Hours

SonicWall’s zero-day exploited

Networking device maker SonicWall is investigating a security breach that occurred due to the exploitation of zero-day vulnerabilities in its secure remote access products. The impacted products include certain versions of the NetExtender VPN client and Secure Mobile Access. Currently, patches are not available for the zero-day vulnerabilities.
