Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Jul 16, 2020

Social media platforms provide cybercriminals with an opportunity to manipulate and defraud users on a large scale in a short period of time. In the last 24 hours, Twitter was hit with one massive hacking attack wherein several high-profile accounts, such as those of Elon Musk, Bill Gates, and several other verified celebrities, were hijacked by the attackers. The hijacked accounts were used to promote a fake cryptocurrency giveaway scam.

Meanwhile, several major software vendors released dozens of security updates for their products. While Oracle came out with a set of 443 security patches for a variety of its enterprise products, Cisco issued 31 fixes for vulnerabilities in its small business routers and firewall.

Top Breaches Reported in the Last 24 Hours

Massive Twitter hack

A number of high-profile Twitter accounts were hacked by attackers who used the celebrity and organizational accounts, with millions of combined followers, to promote a fake cryptocurrency giveaway. The attackers are believed to have exploited a Twitter admin tool to execute the hack.

Bhinneka data dump

Cybercriminals dumped a stolen database from Indonesia’s largest online store, Bhinneka, on a hacker forum. The database contained over 1.2 million account records with users’ personal information such as full names, addresses, emails, gender, contact numbers, social media IDs, and salted passwords, among other details.

Property management company leak

An unsecured AWS S3 storage server belonging to the Wellington, New Zealand-based company, LPM Property Management, exposed more than 31,000 files. The exposed files mostly included images of users’ passports, driver’s licenses, evidence of age documents, and others.

Top Malware Reported in the Last 24 Hours

Bazar backdoor link with TrickBot

Researchers found links between the Bazar backdoor and the infamous TrickBot banking trojan. Both malware were found using the same WinAPIs, custom RC4 implementation, and heavy obfuscation, and also shared similar attack tactics.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle security patches

This week, Oracle released its quarterly Critical Patch Update (CPU), which includes a total of 443 new security patches. Out of these, more than half the addressed vulnerabilities are remotely exploitable without authentication. The two most severe of these security flaws are in Oracle’s SD-WAN Aware and SD-WAN Edge solutions, tracked as CVE-2020-14701 and CVE-2020-14606, respectively. Both the flaws were rated with a CVSS score of 10.

Cisco router flaws

Cisco released a set of 31 security patches this week for its Small Business RV series routers, firewall, and Prime License Manager. The patches addressed different vulnerabilities including remote code execution, authentication bypass, arbitrary code execution, and privilege escalation, and static default credentials.

Vulnerabilities in LibreHealth EHR

Security researchers from Bishop Fox discovered five high-risk vulnerabilities in the open source electronic health record (EHR) system from LibreHealth. The vulnerabilities present in LibreHealth EHR v2.0.0 could allow unauthenticated attackers to compromise its underlying server and gain access to sensitive patient health information and health records.

Top Scams Reported in the Last 24 Hours

HMRC tax relief scam

A new email phishing scam that aims to harvest Her Majesty's Revenue and Customs (HMRC) credentials and sensitive personal information was recently discovered. The scam targets U.K. workers with the pretense of offering between £2500 and £7500 in tax grants for unemployment assistance during the COVID-19 pandemic.

Related Threat Briefings