Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 12, 2020
Security experts have made a big catch in the cyber landscape! After several months of investigation, a team of security experts from FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team has finally taken down the infrastructure of the TrickBot trojan. The experts claimed that the trojan had infected more than one million devices before it was dismantled.
In addition, a new threat has been observed in the past 24 hours. Researchers have tracked a new voice phishing scam that uses deepfake technology. As a result, a U.K.-based energy firm has lost $250,000 to fraudsters.
Top Breaches Reported in the Last 24 Hours
Software AG attacked
IoT specialist Software AG is the latest tech company to fall victim to a Clop ransomware attack, which lasted for almost a week. There are no indications that services to customers, including the cloud-based services, were disrupted. As per the notification on October 8, the company was struggling to fully contain the attack. Meanwhile, the hackers have claimed to have obtained more than one million files.
HomeWAV exposes data
HomeWAV, which serves a dozen prisons across the U.S., left a dashboard for one of its databases exposed to the internet without a password. This allowed anyone to read, browse, and search call logs between inmates and their family members. The call logs also showed the callers' phone numbers and the duration of calls.
NATO data leaked
A threat actor going by the online name Spectre123 has shared sensitive documents of NATO and Havelsan online. The documents include Statement of Work files, proposals, contracts, 3D designs, resumes, Excel sheets containing raw materials information, and financial statements. It is unclear if the attack is a case of hacktivism or cyber espionage.
Top Malware Reported in the Last 24 Hours
TrickBot down
A team of security experts from FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team took down the backend infrastructure of the TrickBot malware in a coordinated effort. The takedown followed months spent collecting more than 125,000 TrickBot samples. According to the coalition members, the trojan had infected over one million computers, including many IoT devices.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Confluence plugins
Several Cross-Site Scripting (XSS) vulnerabilities found in five Confluence plugins have been fixed by their vendors. The flaws could allow attackers to inject malicious JavaScript code into pages within the corporate collaboration platform. The affected plugins are PlantUML, Refined, Linking, Countdown Timer, and Server Status. The vendors have urged customers to update their installations to the latest versions.
Top Scams Reported in the Last 24 Hours
Deepfake phishing
A U.K.-based energy firm has lost almost $250,000 in a voice phishing scam using deepfake audio technology. The crime was executed by tweaking the machine learning technology, utilizing spyware, and using devices that allowed fraudsters to gather several hours of recordings of their victim. After creating the voice model, the fraudsters used it against the target.