
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 23, 2020

Emerging sophisticated cyberattack tactics have become a major cause of headaches for cyber defenders. Lately, a new attack method named ‘Shadow’ has come to the notice of researchers. The attack method leverages vulnerable desktop PDF viewer applications such as Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, and Foxit Reader. It can be used to modify the content of digitally signed PDF documents.

In the past 24 hours, researchers also discovered a multi-modular cryptojacking botnet called Prometei. The botnet uses several techniques, including living-off-the-land binaries, SMB exploits, and stolen credentials, to spread across compromised networks.

Top Breaches Reported in the Last 24 Hours

Leaky college recruitment database

An unsecured Amazon S3 bucket belonging to CaptainU leaked nearly 1 million records containing sensitive academic information on high school students. The bucket included GPA scores, ACT, SAT and PSAT scores, student IDs, email addresses, home addresses, and phone numbers.

Disabled Delawareans’ data exposed

A data breach at the Delaware Department of Health and Social Service resulted in the compromise of the private data of 350 users who received support from the Delaware Division of Developmental Disabilities Services. Data compromised in the breach included full names, birth dates, primary diagnosis, and county of residence.

University of York breached

The University of York has launched an investigation following a data theft incident that affected the personal details of its staff and students. The breach originated at Blackbaud, a cloud computing provider used by the university, which fell victim to a ransomware attack in May 2020.

Top Malware Reported in the Last 24 Hours

Skimmers in PNG files

Threat actors are now injecting skimmer code into real PNG files, both on compromised sites and in booby-trapped Magento repositories on GitHub, to steal users' payment card details. One such skimmer was found injected into a googletagmanager.png file on a compromised Magento 2.x site.

Prometei botnet

A new multi-modular cryptojacking botnet, dubbed Prometei, has been found using multiple methods to spread across compromised networks. The primary purpose of the botnet is to mine Monero cryptocurrency on as many systems as possible. It uses living-off-the-land binaries, SMB exploits, and stolen credentials to hop from computer to computer across the infected network. So far, the botnet has affected users in the United States, Brazil, Pakistan, China, Mexico, and Chile.

RDAT tool revised

The notorious OilRig APT group has returned with a revised version of the RDAT backdoor. The malware uses steganography to hide commands and data within bitmap images attached to emails. Researchers observed the malware being used in a recent series of attacks against a telecom company in the Middle East.

Top Vulnerabilities Reported in the Last 24 Hours

New Shadow attack

A group of academics has found that 15 out of 28 desktop PDF viewer applications are vulnerable to a new ‘Shadow’ attack. It can let malicious actors modify the content of digitally signed PDF documents. The vulnerable applications include Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, and PDFelement, among others.

Vulnerable WordPress Plugins

Several security vulnerabilities found in the CMS Made Simple and LimeSurvey WordPress plugins have been fixed by the respective vendors. CMS Made Simple 2.2.13 was updated to 2.2.14 to fix five security flaws, and the three vulnerabilities in LimeSurvey 3.21.1 were fixed in the latest version, 3.21.2.
