Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 16, 2021

Timing, perseverance, and relentless pursuit of our goals have brought us to an interesting juncture. With great pride, we want to announce that Cyware has reached another landmark in its journey by raising $30 million in Series B funding, led by Advent International and Ten Eleven Ventures.

Moving to the daily dose of threat intel, there has been a spike in events associated with Taurus stealer. Researchers have observed improvements in its evasion capabilities, which made the loader fully undetectable for almost a month in February. Moreover, credit card skimming threat actors have come up with a sneaky method to exfiltrate payment cards from compromised online stores. They are now hiding the card info in a JPG image instead of sending it to a server they control.

Top Breaches Reported in the Last 24 Hours

Blender website under attack

Parts of the Blender website are down following an attack attempt. The hack has only impacted the website’s www subdomain. Most of the infrastructure, including the Wiki, Developers portal, git repositories, and http[:]//blender[.]chat, are available. The Blender Cloud web-based service for accessing Blender training videos hosted at cloud[.]blender[.]org is also unaffected.

Cryptocurrency portals hijacked

Two cryptocurrency portals—Cream Finance and PancakeSwap services—are currently dealing with DNS hijacking attacks that redirected visitors to fake versions of their websites. The crooks attempted to collect seed phrases and private keys from visitors to gain access to wallets and steal their funds.

CRA affected

The Canada Revenue Agency locked more than 800,000 taxpayers out of its platform on Saturday after detecting unauthorized third-party access. The attackers had obtained access to usernames and passwords.

Top Malware Reported in the Last 24 Hours

New activities of Taurus stealer

There has been a spike in events associated with Taurus stealer. Researchers have observed improvements in its evasion capabilities, which made the loader fully undetectable for almost a month in February.

Emergence of China Chopper web shell

The infamous China Chopper web shell has been detected in Exchange Server-related attacks, alongside DearCry ransomware deployment. The web shell is one of the tools used by the Hafnium threat actor group.

New WSH-RAT version

A new variant of WSH-RAT has been found to be distributed via weaponized, malicious RTF documents. The exploit used to prepare the document is the classic MS-17-11882. The RAT is claimed to be one of the most active threats in 2021.

New card skimming attempt

Card skimming threat actors are now hiding stolen payment card details in a JPG image in an attempt to evade detection. The malicious JPG image also carries the skimmer code and is stored on the infected website without the knowledge of its users.
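The briefing does not say how the card data is tucked into the image, so the following is an added example (not Cyware's or the original researchers' code) that assumes the simplest form of this trick: bytes appended after the JPEG end-of-image (EOI) marker, where image viewers ignore them. The script walks the JPEG segment structure to locate the real end of the image, reports any trailing bytes, and flags digit runs in that tail that pass the Luhn check, which is what stolen primary account numbers would look like. The sample JPEG and the appended payload are constructed inline; the card number is the well-known Visa test number, not a real card.

```python
import re
import struct

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
# Markers that carry no length field: TEM, RST0-RST7, SOI.
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))


def find_jpeg_end(data: bytes):
    """Return the offset just past the EOI marker, or None if the file is not a well-formed JPEG."""
    if not data.startswith(SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:              # EOI: the image proper ends here
            return pos + 2
        if marker == 0xFF:              # fill byte between segments
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:
            return None
        pos += 2 + length
        if marker == 0xDA:              # SOS: entropy-coded data follows the header
            # Skip until a marker that is neither a stuffed 0xFF00 nor a restart marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    return None


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_jpeg(data: bytes) -> dict:
    """Classify a JPEG by what, if anything, follows its EOI marker."""
    end = find_jpeg_end(data)
    if end is None:
        return {"verdict": "malformed", "trailing_bytes": 0, "card_like_numbers": 0}
    tail = data[end:]
    text = tail.decode("latin-1")
    card_like = [m for m in re.findall(r"[0-9]{13,19}", text) if luhn_ok(m)]
    if card_like:
        verdict = "suspicious-card-data"
    elif tail:
        verdict = "trailing-data"
    else:
        verdict = "clean"
    return {"verdict": verdict, "trailing_bytes": len(tail), "card_like_numbers": len(card_like)}


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG skeleton: SOI, JFIF APP0, a tiny SOS with one stuffed byte, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    entropy = b"\x12\x34\xff\x00\x56"   # 0xFF00 is a stuffed byte, not a marker
    return SOI + app0 + sos + entropy + EOI


# Constructed stand-in for exfiltrated data appended to the image (test card number, fake fields).
CONSTRUCTED_PAYLOAD = b"4111111111111111|12/24|123|J. Doe\n"

if __name__ == "__main__":
    clean = build_sample_jpeg()
    print("clean image:  ", scan_jpeg(clean))
    print("with payload: ", scan_jpeg(clean + CONSTRUCTED_PAYLOAD))
```

Run it over the image directory of a web root and look for JPEGs whose trailing byte count changes between crawls; a verdict of `trailing-data` on its own is only a weak signal (some tools append harmless metadata), but card-like numbers after EOI in a file that web server logs show being fetched from an unfamiliar client deserve an incident ticket.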

Top Vulnerabilities Reported in the Last 24 Hours

Old Linux storage bugs

A trio of security holes—CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364—was found to have resided in the mainline Linux kernel for 15 years before patches were issued. One of them is a privilege escalation vulnerability.

Unpatched Exchange servers

Over 80,000 Exchange servers are yet to receive patches for the actively exploited ProxyLogon vulnerabilities disclosed on March 2. The servers located in the United States are targeted most, accounting for 21% of all exploitation attempts, followed by the Netherlands and Turkey.

Top Scams Reported in the Last 24 Hours

Royal Mail delivery scam

A new phishing scam that pretends to be a parcel notification from Royal Mail is targeting users in an attempt to steal their personal and financial information. The phishing email includes a URL, along with a message that claims the recipient's parcel is waiting for delivery. To create a sense of urgency, the message warns that the package will be returned to the sender if the recipient fails to pay the requested fee.