
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 3, 2020

Unpatched zero-day vulnerabilities can be a gold mine for cybercriminals seeking to take control of systems and launch a variety of attacks. In the past 24 hours, researchers have detected a zero-day vulnerability in the Oracle Solaris operating system being exploited in the wild. The flaw is being actively exploited by the UNC1945 threat actor group to break into corporate networks. It allowed the attackers to bypass authentication and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

On the other hand, a unique attack method that can enable attackers to bypass firewall protection has been demonstrated by researchers. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent restrictions and open any TCP/UDP port.

Top Breaches Reported in the Last 24 Hours

Hacking networks

A new threat actor group called UNC1945 has been found abusing a zero-day vulnerability (CVE-2020-14871) in the Oracle Solaris operating system to break into corporate networks. The zero-day appears to have been bought on the black market for $3,000. The flaw allowed the attackers to bypass authentication and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

Top Malware Reported in the Last 24 Hours

Google releases patches

Google has released security patches for ten vulnerabilities affecting its Chrome browser. One of the patches is for a zero-day vulnerability that is currently being exploited in the wild. Identified as CVE-2020-16009, the flaw resides in V8, the Chrome component that handles JavaScript code.

Malicious npm package removed

The npm security team removed a malicious JavaScript library from the npm registry that opened backdoors on computers. Named ‘twilio-npm’, the malicious package was downloaded more than 370 times before it was removed from the site.

Top Vulnerabilities Reported in the Last 24 Hours

NAT Slipstreaming attack

A researcher has demonstrated a new technique that allows attackers to bypass firewall protection and remotely access any TCP/UDP service. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent restrictions and open any TCP/UDP port.

Oracle issues an emergency patch

Oracle has issued an emergency patch for a remote code execution vulnerability affecting the Oracle WebLogic server. Tracked as CVE-2020-14750, the flaw affects versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 of the server.

Top Scams Reported in the Last 24 Hours

Sextortion scam

Scammers are using the Zoom app in a new sextortion scam aimed at stealing funds from users. The scam, which has been active since October 20, has targeted a million people in the United States. As part of the scam, users are informed via phishing emails that they have been filmed in an inappropriate state while using Zoom. The victims are then threatened with exposure of the footage if they do not pay a ransom. The email used for the scam is titled ‘Regarding Zoom Conference Call’.
