Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 23, 2020

The powerful TrickBot is rising from the ashes after a major fall. The gang has released the 100th version of the malware, which indicates the scope of their attack. The new version includes a range of obfuscation techniques, including DLL injection into a legitimate Windows executable. Moreover, the gang is credited with a new lightweight reconnaissance tool called LightBot to infect high-value targets.

Talking about more malicious code, a hacker released a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets includes domains belonging to high street banks and government organizations from around the world.

Top Breaches Reported in the Last 24 Hours

Nearly $20 million stolen

Pickle Finance fell victim to a hack that resulted in the loss of about $20 million of users’ funds in DAI tokens. The attackers exploited a vulnerability in the DAI PickleJar using fake swaps. Currently, the team is working on fixing the flaw.

Spotify targeted

Over 380 million records, including login credentials belonging to the Spotify service, were leaked due to an unprotected Elasticsearch database. The origin of the database and how the fraudsters targeted Spotify are unknown. However, the firm took immediate action to isolate the issue.

E-Land affected

The South Korean fashion retail firm E-Land disclosed a ransomware attack that affected the company’s network. This caused the firm to shut down almost half of its operations in South Korea. The incident occurred on November 22.

Top Malware Reported in the Last 24 Hours

TrickBot’s 100th version out

The TrickBot cybercrime gang has released the 100th version of the TrickBot malware with additional features to evade detection. With this release, TrickBot now injects its DLL into the legitimate Windows executable wermgr.exe directly from memory, using code from the MemoryModule project. Apart from this, the gang has also released a new lightweight reconnaissance tool called LightBot to infect high-value targets.

Top Vulnerabilities Reported in the Last 24 Hours

TikTok patches flaws

TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. The first vulnerability is related to a URL parameter on the tiktok.com domain that was not properly sanitized. This could enable attackers to execute malicious code in a user’s browser session.

GitHub fixes a flaw

GitHub has finally fixed a high-severity security flaw reported to it by Google Project Zero. The bug affects GitHub's Actions feature, a developer workflow automation tool, that is highly vulnerable to injection attacks.

Exploits for VPNs released

A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets includes domains belonging to high street banks and government organizations from around the world.

Top Scams Reported in the Last 24 Hours

Warning issued for Black Friday scam

The U.K. NCSC has issued fresh guidance ahead of the upcoming Black Friday. The agency warned that cybercriminals are seeking to exploit an increased number of online shopping transactions. It has recommended that users stay vigilant against phishing emails, fake social media accounts, and phishing pages to prevent the loss of their personal data.
