
Cyware Daily Threat Intelligence


Daily Threat Briefing May 26, 2020

Security researchers have raised the alarm about a new DoS attack. Termed RangeAmp, the technique can take down websites and Content Delivery Network (CDN) servers by abusing HTTP range requests. So far, the researchers have described two variants: the RangeAmp Small Byte Range (SBR) attack and the RangeAmp Overlapping Byte Ranges (OBR) attack.

The past 24 hours also saw new variants of the ComRAT and Sarwent malware. The new ComRAT v4 receives its commands through the Gmail web interface, while the new Sarwent variant lets threat actors reach compromised computers through an exposed Remote Desktop Protocol (RDP) port.

Top Breaches Reported in the Last 24 Hours

AIS leaks billions of records

Thailand’s largest cell network, AIS, was found exposing billions of real-time internet records of Thai internet users. The leak was caused by a misconfigured database containing DNS queries and NetFlow data that was reachable from the internet without a password. AIS took the database offline once it was notified by ThaiCERT.

Databases on sale

Around 31 SQL databases stolen from e-commerce websites in different countries are being offered for sale by threat actors. Some of the databases date back to 2016. The attackers have demanded a ransom of $525 in Bitcoin from the victim organizations to prevent the sale of their leaked databases.

Top Malware Reported in the Last 24 Hours

ComRAT v4

The Turla threat actor group has updated its ComRAT backdoor to exfiltrate antivirus logs from victim organizations. The new version, ComRAT v4, was recently used in a cyber espionage campaign against three high-profile entities: a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe. The malware receives its commands through the Gmail web interface.

New Sarwent malware variant

Security researchers have uncovered a new variant of the Sarwent malware that allows cybercriminals to gain access to Windows machines via the Remote Desktop Protocol (RDP) port. The new variant can also create a new Windows user account on an infected system.

RangeAmp attack

A team of academics has found a new way to launch large-scale DoS attacks. Termed RangeAmp, the technique exploits HTTP range requests to cause network congestion by amplifying web traffic: a small request from the attacker makes the CDN or origin server move far more data than was actually asked for. So far, the team has described two variants: the RangeAmp Small Byte Range (SBR) attack and the RangeAmp Overlapping Byte Ranges (OBR) attack.
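To make the two variants concrete, the following Python sketch is an added example, not code from the researchers' paper or from Cyware: it parses an HTTP Range header (the `bytes=` form from RFC 7233), works out how many bytes the server would send versus how many distinct bytes the client actually covers, and flags the two amplification patterns. A tiny range on a large object is the SBR shape (a CDN that drops the Range header on its origin fetch pulls the whole object to answer a few bytes); overlapping sub-ranges are the OBR shape (the response repeats the same bytes). The threshold constants and function names are assumptions for illustration, and the verdict is a screening heuristic, not a proof of malice.

```python
"""Screen an HTTP Range header for RangeAmp-style amplification (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed thresholds: tune per deployment.
MAX_RANGES = 5                   # more sub-ranges than this is treated as abusive
SMALL_RANGE_BYTES = 64           # requests this small on a big object look like SBR
LARGE_OBJECT_BYTES = 1024 * 1024 # "big object" for the SBR check

RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+?)\s*$")


@dataclass
class Verdict:
    ranges: List[Tuple[int, int]]  # absolute inclusive (start, end) pairs
    requested: int                 # bytes the server would emit for these ranges
    unique: int                    # distinct bytes of the object covered
    amplification: float           # estimated bytes moved per byte the client needs
    verdict: str                   # "ok", "invalid", "sbr" or "obr"


def parse_range(header: str, content_length: int) -> Optional[List[Tuple[int, int]]]:
    """Resolve a Range header against an object of content_length bytes.

    Returns None for anything unsatisfiable or malformed (the server should
    answer 416 or ignore the header rather than guess).
    """
    m = RANGE_RE.match(header)
    if not m or content_length <= 0:
        return None
    ranges = []
    for spec in m.group(1).split(","):
        first, sep, last = (p.strip() for p in spec.strip().partition("-"))
        if not sep:
            return None
        if first == "":
            # suffix range "-N": the last N bytes
            if not last.isdigit() or int(last) == 0:
                return None
            start, end = max(0, content_length - int(last)), content_length - 1
        else:
            if not first.isdigit() or (last and not last.isdigit()):
                return None
            start = int(first)
            end = int(last) if last else content_length - 1
            if start >= content_length or start > end:
                return None
            end = min(end, content_length - 1)
        ranges.append((start, end))
    return ranges


def union_size(ranges: List[Tuple[int, int]]) -> int:
    """Number of distinct bytes covered by the ranges (interval merge)."""
    total = 0
    cur_s = cur_e = None
    for s, e in sorted(ranges):
        if cur_e is None or s > cur_e + 1:
            if cur_e is not None:
                total += cur_e - cur_s + 1
            cur_s, cur_e = s, e
        else:
            cur_e = max(cur_e, e)
    if cur_e is not None:
        total += cur_e - cur_s + 1
    return total


def assess(header: str, content_length: int) -> Verdict:
    ranges = parse_range(header, content_length)
    if ranges is None:
        return Verdict([], 0, 0, 0.0, "invalid")
    requested = sum(e - s + 1 for s, e in ranges)
    unique = union_size(ranges)
    if len(ranges) > MAX_RANGES or unique < requested:
        # OBR: overlapping (or excessive) sub-ranges make the response larger than
        # the distinct bytes asked for; requested/unique is the multiplier.
        return Verdict(ranges, requested, unique, requested / unique, "obr")
    if requested <= SMALL_RANGE_BYTES and content_length >= LARGE_OBJECT_BYTES:
        # SBR: a CDN that fetches the full object from origin to serve this tiny
        # range moves content_length bytes upstream for `requested` bytes downstream.
        return Verdict(ranges, requested, unique, content_length / requested, "sbr")
    return Verdict(ranges, requested, unique, 1.0, "ok")


if __name__ == "__main__":
    ten_mb = 10 * 1024 * 1024  # constructed object size
    for h in ("bytes=0-0", "bytes=0-1023,512-1535,0-2047", "bytes=0-1023,2048-3071"):
        v = assess(h, ten_mb)
        print(f"{h!r}: {v.verdict} (x{v.amplification:.0f})")
```

The SBR ratio only materializes if the CDN strips or widens the client's range on its origin fetch, so the durable fix sits in CDN configuration (forward the range, or cap how much of an object is fetched for a small range) rather than in rejecting every small range; the OBR check, by contrast, can be enforced at the edge, since a legitimate client has no reason to ask for the same bytes twice in one request.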

Top Vulnerabilities Reported in the Last 24 Hours

Flawed SCADA product

Four vulnerabilities discovered in Emerson OpenEnterprise, a SCADA solution designed for the oil and gas industry, can allow attackers to take control of affected systems. The flaws stem from a heap-based buffer overflow, missing authentication, improper ownership management, and weak encryption. Two of them are rated critical and are tracked as CVE-2020-6970 and CVE-2020-1064; they can allow attackers to remotely execute arbitrary code with elevated privileges on devices running OpenEnterprise.
