Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 23, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Nov 23, 2020
The powerful TrickBot is rising from ashes after a major fall. The gang has released the 100th version of the malware, which indicates the scope of their attack. The new version includes a range of obfuscation techniques including the DLL injection technique on a legitimate Windows executable. Moreover, the gang is credited for a new lightweight reconnaissance tool called LightBot to infect high-value targets.
Talking about more malicious code, a hacker released a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets include domains belonging to high street banks and government organizations from around the world.
Top Breaches Reported in the Last 24 Hours
Nearly $20 million stolen
Pickle Finance fell victim to a hack that resulted in the loss of about $20 million associated with users’ funds in DAI tokens. The attackers exploited the vulnerability in DAI PickleJar using fake swaps. Currently, the team is working on fixing the flaw.
Spotify targeted
Over 380 million records including login credentials belonging to Spotify service were leaked due to an unprotected Elasticsearch database. The origin of the database and how the fraudsters targeted Spotify are unknown. However, the firm took immediate action to isolate the issue.
E-Land affected
The South Korean fashion retail firm, E-Land, disclosed a ransomware attack that affected its company’s network. This caused the firm to shut down almost half of its operations in South Korea. The incident occurred on November 22.
Top Malware Reported in the Last 24 Hours
TrickBot’s 100th version out
The TrickBot cybercrime gang has released the 100th version of the TrickBot malware with additional features to evade detection. With this release, TrickBot is now injecting DLL into the legitimate Windows executable, wermgr.exe, directly from memory using code from the MemoryModule project. Apart from this, the gang has also released a new lightweight reconnaissance tool called LightBot to infect high-value targets.
Top Vulnerabilities Reported in the Last 24 Hours
TikTok patches flaws
TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. The first vulnerability is related to a URL parameter on the tiktok.com domain that was not properly sanitized. This could enable attackers to execute malicious code in a user’s browser session.
GitHub fixes a flaw
GitHub has finally fixed a high severity security flaw reported to it by Google Project Zero. The bug affects GitHub's Actions feature—a developer workflow automation tool—that is highly vulnerable to injection attacks.
Exploits for VPNs released
A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets include domains belonging to high street banks and government organizations from around the world.
Top Scams Reported in the Last 24 Hours
Warning issued for Black Friday scam
The U.K. NCSC has issued fresh guidance ahead of the upcoming Black Friday. The agency warned that cybercriminals are seeking to exploit an increased number of online shopping transactions. It has recommended users to be vigilant of phishing emails, fake social media accounts, and phishing pages to prevent the loss of their personal data.