
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 24, 2020

WordPress is the most widely used web framework, both for business websites and for personal blogs. Unfortunately, this popularity attracts the attention of bad actors as well. In a newly discovered attack campaign, researchers have found threat actors targeting vulnerable WordPress sites in a bid to hijack original sites’ search engine ranking and promote online scams.

A new malware family called WAPDropper has also been found stealthily targeting Android phone users in Thailand and Malaysia to subscribe them to premium services. The malware is currently being distributed in the wild via malicious apps hosted on third-party app stores.

Top Breaches Reported in the Last 24 Hours

Baidu apps leak sensitive data

A pair of Baidu apps on the Google Play Store - Baidu Search Box and Baidu Maps - was recently found leaking sensitive data that could be used to track users’ locations. The applications had left approximately 6 million users’ data exposed, following which Google promptly removed them from the store.

Peatix’s data leak incident

A data leak incident at Peatix has affected the data of more than 4.2 million registered users. The data has been leaked by a hacker through ads posted via Instagram stories, on Telegram channels, and on different hacking forums. The leaked data includes full names, usernames, emails, and salted and hashed passwords.

Corcoran Group exposes data

The Corcoran Group has secured a database that had been exposing a total of 30.7 million files on the Internet. The exposed files related to property owners and included their names, physical addresses, and other details. The database was publicly accessible for nearly four months before it was secured.

Ransomware targets tax files

Ransomware gangs are targeting tax software files in an attempt to harvest highly sensitive data. Among the ransomware families involved in these attacks are Mount Locker and LockBit.

LSU affected

Data of thousands of patients was exposed following a cyber attack on Louisiana State University medical centers. The incident occurred due to an intrusion into an employee’s email account on September 15.

Top Malware Reported in the Last 24 Hours

New WAPDropper malware

A new malware family called WAPDropper has been found stealthily targeting mobile phone users to subscribe to premium services. The multi-function dropper is delivered as second-stage malware and uses a machine learning solution to bypass image-based CAPTCHA challenges.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases an out-of-band patch

Microsoft has released an out-of-band patch for Windows to address authentication issues related to a recently patched Kerberos vulnerability. The issue (CVE-2020-17049) is related to the PerformTicketSignature registry subkey value in the Kerberos Key Distribution Center (KDC).

Faulty smart doorbells

Around a dozen smart doorbells are affected by high-risk vulnerabilities that can allow threat actors to gain unauthorized access to owners’ names, passwords, photos, emails, and locations. According to the research, the issues are related to the hardware, associated applications, and servers used to transfer data.

Hacking WordPress sites

A new cybercrime gang has been found taking over vulnerable WordPress sites to install malicious e-commerce stores with the purpose of hijacking original sites’ search engine ranking and promoting online scams. To accomplish this, the attackers are leveraging brute force attacks to gain access to the sites’ admin accounts.

VMware releases temporary workarounds

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by attackers to take control of affected systems. The flaw, tracked as CVE-2020-4006, is a command injection vulnerability which scores 9.1 on the CVSS scale. It impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
