
Cyware Daily Threat Intelligence

Daily Threat Briefing May 8, 2020

Malicious actors are devising new ways to monetize their targeted attacks by mining cryptocurrencies. In the last 24 hours, attackers were observed exploiting a Salt software vulnerability and a deserialization flaw in Telerik UI for ASP.NET AJAX to deploy cryptominers on compromised systems and servers.

In addition, around 26 million user accounts stolen from HomeChef, ChatBooks, and Chronicle.com were found being offered for sale by a threat actor group named Shiny Hunters. The group previously claimed to have sold user records pilfered from Tokopedia, Unacademy, and Microsoft’s GitHub repositories.

Top Breaches Reported in the Last 24 Hours

HomeChef’s stolen data on sale

The Shiny Hunters group, which previously offered databases from Tokopedia, Unacademy, and Microsoft’s GitHub repositories for sale, is now selling user records stolen from HomeChef, ChatBooks, and Chronicle.com. Altogether, the three databases contain 26 million accounts and are priced between $1,500 and $2,500.

Ruhr University Bochum attacked

The Ruhr University Bochum (RUB) shut down its central IT infrastructure after falling victim to cyberattacks between May 6 and May 7, 2020. The university is currently investigating the incident to understand the extent of the attack.

Top Malware Reported in the Last 24 Hours

Flawed Elementor Pro plugin targeted

A vulnerability in the Elementor Pro plugin for WordPress is being abused to compromise websites. The vulnerability, which has a CVSS score of 9.9, can be exploited by attackers to upload arbitrary files and remotely execute code on the affected websites.

Blue Mockingbird campaign

An attack campaign, dubbed Blue Mockingbird, was found exploiting a deserialization vulnerability (CVE-2019-18935) in the ASP.NET open-source web framework to deploy the XMRig Monero-mining payload on Windows systems. The campaign, which started in December 2019, lasted until April 2020.

Aria-body backdoor

The Naikon APT group, which has been active since at least 2010, is delivering a new backdoor called Aria-body to carry out attacks against other targets. According to researchers, the malware was delivered to the Australian government via an email from a potentially compromised asset at an embassy located in the APAC region.

New trojan variant

Since the end of April 2020, a new trojan variant has been affecting banking users in Portugal. The malware is disseminated via phishing emails that impersonate the Vodafone group.

Top Vulnerabilities Reported in the Last 24 Hours

Salt vulnerability exploited

US startup Algolia has become the latest victim of a Salt vulnerability. Threat actors exploited a recently patched vulnerability, CVE-2020-11651, to install both a cryptocurrency miner and a backdoor on multiple Algolia servers.

Cisco fixes 12 high-severity flaws

Cisco has issued patches for a dozen high-severity flaws found in Adaptive Security Appliance and Firepower Threat Defense software. The updates addressed eight denial-of-service issues, an information disclosure vulnerability, a memory-leak flaw, a path traversal vulnerability, and an authentication bypass flaw.

Stuxnet-type vulnerability

Researchers have uncovered another vulnerability in Schneider Electric software similar to the one exploited by the notorious Stuxnet malware. Tracked as CVE-2020-7489, the flaw has a score of 8.2 on the CVSS scale. It affects the Schneider SoMachine Basic v1.6 engineering software.