Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 25, 2021

Hackers are leveraging cracked software to become crypto-rich. The cyber threat landscape has witnessed a new cryptocurrency mining malware called Crackonosh that mined $2 million of Monero from over 200,000 hacked computers. Indicators left by the malware suggest its authors may be from the Czech Republic.

Alert! Widespread exploitation of Zyxel routers and VPN devices has been reported by the networking device manufacturer. The organizations being targeted are those using Zyxel Unified Security Gateway (USG) and ZyWALL, the USG FLEX combined firewall and VPN gateway, among others. The company has suggested maintaining a proper security policy for remote access to reduce the attack surface.

Top Breaches Reported in the Last 24 Hours

DreamHost leaks data

Los Angeles-based web hosting provider DreamHost left around 86.15GB of data exposed for the past three years due to a leaky database. The database contained over eight billion records with names, email addresses, and WordPress login location URLs of users.

Top Malware Reported in the Last 24 Hours

Crackonosh malware

A new strain of cryptocurrency mining malware that abuses Windows Safe mode to launch its attack has been discovered. Dubbed Crackonosh, the malware spreads via pirated and cracked software on torrents, forums, and warez websites. The infection chain begins with the drop of an installer and a script that modifies the Windows registry. So far, the malware has mined $2 million of Monero from 222,000 hacked computers.

Top Vulnerabilities Reported in the Last 24 Hours


Zyxel routers and VPN devices exploited

Zyxel has issued an alert that attackers are actively targeting its routers and VPN devices to change configurations and gain remote access to networks. The attacks are targeted against organizations using Zyxel Unified Security Gateway (USG) and ZyWALL, the USG FLEX combined firewall and VPN gateway, among others. The company has suggested maintaining a proper security policy for remote access to reduce the attack surface.

Fortinet issues a patch

A high-severity vulnerability found in the FortiWeb Web Application Firewall (WAF) has been patched by Fortinet. Tracked as CVE-2021-22123, the flaw can allow a remote attacker to execute commands on the system via the SAML server configuration page.

Top Scams Reported in the Last 24 Hours

FINRA phishing campaign

FINRA is notifying all U.S. brokerage organizations of a continuing phishing operation impersonating FINRA Support. The email asks the victims to take a look at the attached report that requires an immediate response. According to the regulator, the emails may not include an attachment.
