Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 30, 2022

Account credentials of YouTube creators and Facebook users have come under increased threat in two separate malicious campaigns. YTStealer is a new info-stealing malware that targets only YouTube content creators' credentials. Another cybercriminal group has devised an innovative way to lay traps in a new Facebook-themed spam campaign: hackers use the Messenger chatbot feature to engage users and prompt them to log in.

More troubling news came from OpenSea. The NFT marketplace fell victim to a breach due to a human error at its email vendor. It has warned users that email scammers may try to lure them with spam calls, messages, and emails.

Top Breaches Reported in the Last 24 Hours

Largest NFT marketplace disclosed breach

OpenSea has confirmed a breach stemming from a security incident at its email delivery vendor, Customer[.]io. An employee downloaded email addresses belonging to OpenSea users and newsletter subscribers and shared them with an unauthorized third party. Users have been warned against phishing attacks that may follow in the wake of the leak.

Tourists' data stolen from Israel

The Sharp Boys hacker group claimed to have obtained personal and credit card data from at least five tourism-related sites in Israel. The hackers allegedly accessed the backend interface of the targeted sites. As proof of the leak, they also released a spreadsheet containing the personal information of 120,000 people.

Top Malware Reported in the Last 24 Hours

YTStealer creeps through browsers

A campaign involving the new information-stealing malware YTStealer is targeting YouTube content creators. It is assumed that the cybercriminal group has specially crafted the malware to extract credentials from a single service. One notable aspect of the malware is that it uses the open-source Chacal anti-VM framework to hide from debugging and memory analysis.

Top Vulnerabilities Reported in the Last 24 Hours

Firefox fixed flaws and brought in a new privacy feature

Mozilla addressed 20 security vulnerabilities with its newly released version 102.0 of the Firefox browser. The publicly disclosed bugs, five of them rated “High,” are listed in the CVE database. The browser has also taken a leap in user privacy by limiting the ability of random URLs to track users' online activities.

Top Scams Reported in the Last 24 Hours

Fake Facebook page violation email

Trustwave researchers stumbled across an email phishing campaign that uses malicious Messenger chatbots to steal Facebook credentials. The email contains a message about Facebook page deletion due to a possible violation of Facebook Community Standards. It provides potential victims with an “Appeal Now” button, which takes them to a phishing page that asks for their account credentials.
