Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 27, 2020
A 13-year-old Bandook backdoor trojan has emerged from the shadows. Hackers affiliated with a group named Dark Caracal have unleashed a new wave of attacks against a multitude of industries to deploy digitally signed variants of the Bandook trojan. The victims span over 21 countries.
Meanwhile, a new security analysis has revealed that many popular online stores are susceptible to SSL-related attacks that could allow threat actors to steal sensitive information. The vulnerabilities include BEAST (Browser Exploit Against SSL/TLS), POODLE, and DROWN.
In other research, a group of experts demonstrated a new form of light-based attack that could enable attackers to take control of smart-home devices. Dubbed ‘Light Commands’, the attack relies on the use of laser pointers.
Top Breaches Reported in the Last 24 Hours
Rand McNally affected
Chicago-based transportation technology firm Rand McNally is working to restore its network following a cyberattack that hit its systems earlier this week. Meanwhile, the firm confirmed that no customer data is affected by the attack.
Brazilian COVID-19 patients’ data leaked
The personal and health information of over 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee inadvertently uploaded a spreadsheet to GitHub this month. The exposed sheet contained usernames, passwords, and access keys to sensitive government systems. Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data on COVID-19 patients.
Top Malware Reported in the Last 24 Hours
Bandook Windows trojan re-emerges
Hackers affiliated with a group named Dark Caracal are using digitally signed variants of the Bandook Windows trojan to target firms in different sectors. The firms are located in 21 different countries including Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the U.S. The attack uses Word documents as a lure to load malicious VBA code.
Top Vulnerabilities Reported in the Last 24 Hours
Light Commands attack
Expanding their research on light-based attacks, a group of academic researchers has now demonstrated successful attacks on other smart home systems such as smart locks, home switches, and even cars. Dubbed ‘Light Commands’, the attack, which relies on the use of laser pointers, can enable attackers to take control of smart home devices.
Drupal releases security updates
The developers of the Drupal content management system (CMS) released out-of-band security updates for vulnerabilities in PEAR Archive_Tar, a third-party library designed for handling TAR files in PHP. The flaws are tracked as CVE-2020-28948 and CVE-2020-28949, which can be exploited to bypass unserialization protections.
BEAST SSL Attacks
Several online stores are susceptible to attacks due to six known SSL vulnerabilities including BEAST, POODLE, and DROWN. These vulnerabilities can allow cybercriminals to carry out SSL-based attacks against online shops and their users.
Top Scams Reported in the Last 24 Hours
Zoom Thanksgiving phishing
A massive ongoing phishing attack that pretends to be an invite for Thanksgiving over a Zoom meeting has been found luring users into sharing their credentials. The invite includes a link with a message that states, “You received a video conference invitation.” Clicking on the link opens a fake Microsoft login page hosted on Google's appspot.com domain. The phishing page prompts the user to enter their username and password.