
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 1, 2021

You might get hacked even if you are living a life of luxury. Hackers made their way into a luxury hotel chain and a high-profile jeweler, stealing personal details of hotel guests and A-list clients, respectively. Meanwhile, Iranian cybercriminals breached an internet hosting company in Israel and published stolen details on a messaging platform.

The popularity of Squid Game has reached the ears of everyone, including digital imposters. A large hacking group is employing Squid Game lures to spread Dridex malware via emails. In other news, cybercriminals were found selling the Snake password-stealing trojan on dark web forums. Not to forget the vulnerabilities that are discovered every day: bugs identified in VPN devices, a WordPress plugin, and computer code compilers came into the limelight.

Top Breaches Reported in the Last 24 Hours

Millions of records stolen from hotel chain

The Desorden hacker group professes to have hacked and stolen 400GB of data owned by the Thai luxury hotel chain Centara Hotels & Resorts. The hackers have access to files and databases from five company servers that contain details of millions of hotel guests, as well as financial and corporate information.

Black Shadow breaches Israeli firm

Apparently, Iran-linked hackers, Black Shadow, have breached an Israeli internet hosting company, knocking down several of its sites and making them unavailable to users. The impacted websites include Israeli public transport companies Dan and Kavim, public radio’s online blog, and a children’s museum. The group published client data, including the names, phone numbers, and email addresses of Kavim clients on Telegram.

Conti gang hits a high-society jeweler

The Conti ransomware gang attacked the multinational jeweler Graff and demanded a multi-million ransom to refrain from leaking details of an elite group of people. As evidence of the hack, the group published 69,000 confidential files related to purchases made by Donald Trump, David Beckham, and Oprah Winfrey on its leak site.

Top Malware Reported in the Last 24 Hours

Snake bites hard

Attackers are selling Snake malware on dark web forums for $25. When installed on a computer, it can steal credentials from more than 50 apps, including web browsers, email clients, and IM platforms. The popular programs targeted by Snake include Chrome, Outlook, Edge, Discord, Firefox, Thunderbird, and more.

Researchers uncover something ‘Pink’

Cybersecurity researchers disclosed details of Pink, the largest botnet observed in the last six years. With the aim of launching DDoS attacks and inserting advertisements into HTTP websites visited by unsuspecting users, Pink has infected more than 1.6 million devices to date, primarily located in China.

Be aware of the Squid Game lures

A large cybercrime group, TA575, is capitalizing on the popularity of Squid Game to disseminate the Dridex malware. The group sends emails pretending to be a part of the show, asking people to download malicious attachments or fill out forms with sensitive information.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress bug puts a million sites at risk

The vulnerabilities in the OptinMonster WordPress plug-in would have allowed attackers to export critical information and add malicious code or JavaScript to all affected WordPress sites. The plug-in, which was vulnerable to high-severity bugs, was installed on over one million websites and has now been patched.

Trojan Source abuses most computer code

Researchers discovered a bug, dubbed Trojan Source, that affects most computer code compilers and several software development environments. The vulnerability lies in a component of Unicode, the digital text encoding standard that allows computers to exchange information irrespective of the language used.
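The briefing does not say which part of Unicode Trojan Source relies on. The check below is an added example, not code from Cyware or from the Trojan Source researchers, and it assumes (from the public descriptions of the technique) that the relevant characters are the Unicode bidirectional control code points, which can make source text render in an order that differs from what the compiler parses. The scanner reports every such character with its line and column so a reviewer or a pre-commit hook can reject files that contain them; the sample source it scans is constructed for the example.

```python
"""Find Unicode bidirectional control characters in source text.

Added example: scans source code for the bidi control code points that
Trojan Source-style attacks depend on, so they can be flagged in review
or blocked in CI. The code point list is an assumption drawn from public
descriptions of the technique, not from the briefing itself.
"""
import sys

# Bidirectional embedding, override and isolate controls plus their pops.
BIDI_CONTROLS = {
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202c": "POP DIRECTIONAL FORMATTING",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202e": "RIGHT-TO-LEFT OVERRIDE",
    "\u2066": "LEFT-TO-RIGHT ISOLATE",
    "\u2067": "RIGHT-TO-LEFT ISOLATE",
    "\u2068": "FIRST STRONG ISOLATE",
    "\u2069": "POP DIRECTIONAL ISOLATE",
}


def find_bidi_controls(source: str):
    """Return a list of (line, column, code point, name) for every bidi
    control character in `source`. Lines and columns are 1-based."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"U+{ord(ch):04X}", BIDI_CONTROLS[ch]))
    return findings


def scan_file(path: str):
    """Read a file as UTF-8 (invalid bytes are replaced, not skipped) and
    return its findings."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_bidi_controls(fh.read())


# Constructed sample: a C fragment with one override character hidden in a
# comment and one isolate hidden in a string literal. Both are invisible in
# most editors but are still present in the bytes the compiler reads.
SAMPLE_SOURCE = (
    "int x = 1;\n"
    "/* comment \u202e with override */\n"
    'printf("ok \u2066");\n'
)

# Constructed clean sample: non-ASCII text is fine, only bidi controls matter.
CLEAN_SOURCE = 'const char *greeting = "héllo wörld";\n'


if __name__ == "__main__":
    # Usage: python bidi_scan.py file1.c file2.py ...  (exit 1 if anything found)
    paths = sys.argv[1:]
    total = 0
    for path in paths:
        for lineno, col, cp, name in scan_file(path):
            print(f"{path}:{lineno}:{col}: {cp} {name}")
            total += 1
    if not paths:
        for finding in find_bidi_controls(SAMPLE_SOURCE):
            print("sample:%d:%d: %s %s" % finding)
    sys.exit(1 if total else 0)
```

The scanner deliberately reports on the raw text rather than on tokens, so it catches controls inside comments and string literals, which is exactly where a reordering payload would have to sit to survive compilation. Legitimate right-to-left text in a UI string can trigger a finding, so a project that ships such strings would allow-list specific files rather than disable the check.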

APTs exploit Pulse Secure VPN devices

State-sponsored groups gained remote access to VPN devices used by victims across the U.S. and Europe. They deployed 16 malware families to exploit Pulse Secure VPNs, bypassed multifactor authentication to steal credentials, and spread laterally into private networks to access Microsoft 365 public cloud or other virtual environments.
