
Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 9, 2022

Owl Labs announced a new firmware version for its existing devices that addresses a high-severity bug. The bug lets an attacker pass through the networking traffic in Wi-Fi AP tethering mode to exploit targeted devices as wireless access points. Meanwhile, Follina continues to be a weak point for Microsoft users as new malware actors join the bandwagon to abuse the flaw.

In the last 24 hours, the threat landscape witnessed an ongoing major phishing scam aimed at billions of Facebook users. Active since September 2021, it has helped adversaries mint millions of USD.

Top Breaches Reported in the Last 24 Hours

Hundreds of millions stolen

The blockchain network at Maiar Exchange was breached to swindle 1.65 million EGLD tokens (equivalent to an estimated $113 million) from three different wallets. The network was brought offline in the aftermath of the attack for a brief period of time. According to sources, most of the stolen funds have been either recovered or will be covered by the Elrond Foundation.

Zero-click hack against Ukraine officers?

Ukraine's State Special Communications Service confirmed that cybercriminals have started hijacking the phones of the country's public servants. Attackers are reportedly spreading malware in what may seem like a zero-click hack. A spokesperson said that, so far, no mobile devices have been compromised.

Top Malware Reported in the Last 24 Hours

New Emotet variant cripples Chrome

Proofpoint has spotted a new series of attacks involving the infamous Emotet botnet. A new version of the botnet uses a new module to pilfer credit card information stored on the Chrome browser. The campaign was active from April 4–19. The email subjects used by hackers included easy words such as ‘Salary.’

Botnets march toward Linux-based Atlassian server

Linux servers running unpatched Atlassian Confluence Server and Data Center were found to be targeted by multiple botnet operators, namely Kinsing, Hezb, and s. The three groups are known for infiltrating vulnerable Linux servers to deploy backdoors and cryptominers. After the release of the PoC exploits, security experts have observed almost a ten-fold increase in active exploitation.

Bypassing 2FA by intercepting OTPs

Cyble exposed bot-based caller ID spoofing techniques used by cybercriminals to bypass 2FA and steal users' one-time passwords. A majority of the interception services observed provided a user interface through Telegram and Discord-based bots. Once the OTP reaches the bot operators, they could illegally access the compromised service.

Top Vulnerabilities Reported in the Last 24 Hours

Owl Labs patches critical flaws

Video conferencing company Owl Labs has fixed a severe bug impacting its Meeting Owl Pro and Whiteboard Owl devices. An attacker within Bluetooth range can abuse the bug to turn a compromised device into a rogue access point. Security researchers at Modzero discovered five different vulnerabilities in Owl’s devices; the remaining flaws will be resolved with future updates.

AsyncRAT meets Follina

Follina, the recently disclosed Windows vulnerability identified as CVE-2022-30190, is being abused by several malware families, including AsyncRAT. Unfortunately, the flaw in the Microsoft Support Diagnostic Tool concerns all supported versions of Windows. For now, only advisories and workarounds are available to mitigate the vulnerability; a patch is being developed.

Top Scams Reported in the Last 24 Hours

Advertising gimmick Firefox update

Malwarebytes unearthed a malvertising campaign leading to a fake Firefox update. Researchers noted that the malvertising infrastructure is essentially the same one that has been in use since late 2019. Furthermore, the campaign was distinct as, in some cases, hackers took a jibe at the same ad networks they were abusing, unless they named their malvertising gates after different ad networks.

Million-dollar worth of ad scams rock Facebook

Researchers with PIXM laid bare a massive phishing scam that abused Facebook and Messenger to trick millions of users into blurting out their account credentials while forcing them to see advertisements. While Facebook had preventive measures in place to curb the dissemination of phishing URLs, cybercriminals were able to bypass these protections.
