Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 27, 2022
Phishing is considered the quickest attack vector when it comes to extracting financial data, credentials, and sensitive personal information. Researchers spotted one such phishing campaign impersonating DHL and sneakily pilfering names, phone numbers, and payment card data using Telegram bots. Besides, Nuki Smart Locks were found flooded with nearly a dozen high-severity vulnerabilities. The bugs could give rise to DoS conditions, code execution, data spillage, privilege escalation, and more.
Web3 firms continue to be highly targeted by cybercriminals. Of late, a hacker group infiltrated a decentralized music streaming service via a bug that has been live since the contracts were deployed. In fact, two in-depth security assessments also failed to identify the bug.
DeFi music platform lost millions
Hackers siphoned off about $6 million from Audius, a decentralized music platform on the Ethereum blockchain. Minutes after the incident, authorities froze several services to contain the attack. It was found that hackers abused a bug in the contract initialization code that allowed them to perform repeated invocations of the initialized functions.
Ransomware attack targets WordFly
The primary website of WordFly, a digital communication and marketing platform, fell victim to a ransomware attack. As a consequence, WordFly’s website and services remained unavailable. The first network disruption was observed on July 10. Hackers stole some customer data, but the company claims it wasn’t sensitive.
Predator spyware planted against Greek lawmaker
The European Parliament found that a Greek lawmaker was targeted by Predator, a high-end surveillance tool. The target received a message on his phone that read "Let's get a little serious about this, my friend, we have something to win." It reportedly contained a malicious link that could download the spyware with a single click. Apparently, he didn’t click on the embedded link.
LockBit and BlackMatter
Trend Micro researchers underlined similarities between the latest iteration of the LockBit ransomware and BlackMatter. Experts noted overlaps in the privilege escalation and harvesting routines used by attackers to identify APIs required to discontinue running processes and other operations. Further, the two also coincide in their use of anti-debugging and threading techniques to avoid detection.
Several critical bugs in Nuki Smart Lock
NCC Group disclosed 11 critical bugs in multiple versions of Nuki Smart Locks. The report suggests that the vendor did not implement SSL/TLS certificate validation on its Smart Lock and Bridge devices, letting attackers perform man-in-the-middle attacks. Similarly, other flaws could allow an attacker to run arbitrary code, access sensitive data, impersonate an authentic user, and more.
Scammers imitate DHL
Sucuri has uncovered a phishing campaign involving fake landing pages for DHL, the popular courier and package mailing service. The campaign creates a fake emergency related to an undispatched order. An unsuspecting user who clicks the ‘Continue’ button is redirected to a page that asks for personal information such as name and contact information. In the next phase, scammers request a one-time payment fee of $1.49 to process the undelivered package.