Cyware Daily Threat Intelligence

Daily Threat Briefing Oct 14, 2020

TrickBot has survived the takedown attempt! It has been found that the trojan operators have replaced the seized C2 servers and domains with new infrastructure. Researchers anticipate that the operators will attempt to revive their operations soon.

There has also been a discovery of a new framework named SolarSys. Built to distribute trojans, the framework is composed of JavaScript backdoors, mail worms, and multiple spy modules. It is being actively used in Brazil.

In other news, Microsoft has issued patches for 87 security vulnerabilities as part of the October 2020 Patch Tuesday. The affected products include Windows, Office, Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

Top Breaches Reported in the Last 24 Hours

teamDigital exposes data

teamDigital had exposed a trove of clients’ data due to misconfigured environment files. The leaked data included MastercardNexus Twitter API keys, a MySQL database username and plaintext password, and other data related to Mastercard.
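The exposure above comes down to an environment file carrying live credentials where it could be read. The following is an added example, not code from the briefing or from teamDigital, of the pre-publish check a defender would run: parse a `.env` file, flag any key whose name suggests a secret and whose value is set, and confirm the file is covered by a `.gitignore` rule. The file contents and ignore rules are constructed for this example, and `gitignore_covers` deliberately implements only the simple positive-pattern subset of gitignore syntax (no negation or directory semantics).

```python
import fnmatch
import re

# Constructed sample .env content; every value here is made up for this example.
SAMPLE_ENV = """\
# application settings
APP_ENV=production
DB_HOST=db.internal
DB_USERNAME=appuser
DB_PASSWORD="Sup3r-S3cret!"
TWITTER_API_KEY=abcdef1234567890abcdef
TWITTER_API_SECRET=
LOG_LEVEL=info
"""

# Constructed .gitignore that forgets to exclude the env file.
SAMPLE_GITIGNORE = """\
node_modules/
*.log
"""

# Key names that usually carry credentials rather than configuration.
SECRET_KEY_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)


def parse_env(text: str) -> dict:
    """Parse dotenv-style KEY=VALUE lines, skipping comments and blanks."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an assignment
        value = value.strip()
        # strip one layer of matching quotes
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def find_exposed_secrets(text: str) -> list:
    """Return keys whose name looks secret-bearing and whose value is non-empty."""
    return [k for k, v in parse_env(text).items() if SECRET_KEY_RE.search(k) and v]


def gitignore_covers(gitignore_text: str, path: str) -> bool:
    """Simplified gitignore matching: positive patterns only, matched against
    the full path and the basename. Negation and directory-only rules are
    intentionally not handled."""
    name = path.rsplit("/", 1)[-1]
    for pat in gitignore_text.splitlines():
        pat = pat.strip()
        if not pat or pat.startswith("#") or pat.startswith("!"):
            continue
        pat = pat.strip("/")
        if fnmatch.fnmatch(name, pat) or fnmatch.fnmatch(path, pat):
            return True
    return False


def audit_env_file(env_text: str, gitignore_text: str, path: str = ".env") -> dict:
    """Combine both checks into one report for the file at `path`."""
    return {
        "path": path,
        "secrets_set": find_exposed_secrets(env_text),
        "ignored_by_git": gitignore_covers(gitignore_text, path),
    }


if __name__ == "__main__":
    report = audit_env_file(SAMPLE_ENV, SAMPLE_GITIGNORE)
    print(report)
    if report["secrets_set"] and not report["ignored_by_git"]:
        print("WARNING: credentials present in a file that is not ignored by git")
```

Run against the constructed input, the report lists `DB_PASSWORD` and `TWITTER_API_KEY` as set secrets (the empty `TWITTER_API_SECRET` is not flagged) and shows that `.env` is not covered by the ignore rules, which is exactly the combination that leads to the kind of leak described above.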

Top Malware Reported in the Last 24 Hours

TrickBot returns

Days after the takedown of its backend infrastructure, the TrickBot trojan is back in the picture, its operators having replaced the seized C2 servers and domains with new ones. The takedown attempt was carried out in a collaborative action by researchers from Microsoft, Symantec, ESET, and others.

New malware framework

Researchers have detected a new malware framework, named SolarSys, being actively used in Brazil. The framework, primarily used to distribute trojans, is composed of JavaScript backdoors, mail worms, and multiple spy modules. It uses dozens of dynamic domain names as C2 server addresses, in addition to a DGA that generates domain names randomly.
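Randomly generated C2 domains tend to look unlike names people register by hand, which is what a first-pass detector on DNS logs keys on. The following is an added example, not code from the briefing or from the SolarSys research, of a lexical DGA heuristic: it scores the registrable label of each queried domain on vowel ratio, longest consonant run, digit density and character entropy, and flags the outliers. The sample domains are constructed for this example and do not correspond to any real SolarSys infrastructure; the thresholds are illustrative starting points, and the second-level-label extraction is a simplification of what the public suffix list would give you.

```python
import math
from collections import Counter

# Constructed sample of queried domains: ordinary names beside labels of the
# random-looking kind a DGA tends to produce. None of these are real IoCs.
SAMPLE_DOMAINS = [
    "mail.example.com",
    "updates.contoso-corp.net",
    "x7qzk3lp9vwd.com",
    "hg4tz8wq1mnrbv2k.info",
    "login.microsoft.com",
    "qwzpxjvkthbgd.org",
]

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(domain: str) -> str:
    """Second-level label of the domain. Simplification: a real deployment
    would consult the public suffix list so that e.g. co.uk is handled."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(domain: str) -> dict:
    """Lexical features of the registrable label that separate dictionary-like
    names from random-looking ones."""
    label = registrable_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label) if label else 0.0

    # longest uninterrupted run of consonants (digits and hyphens break a run)
    run = longest = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0

    return {
        "label": label,
        "length": len(label),
        "vowel_ratio": round(vowel_ratio, 3),
        "digit_ratio": round(digit_ratio, 3),
        "longest_consonant_run": longest,
        "entropy": round(shannon_entropy(label), 3),
    }


def is_dga_like(domain: str) -> bool:
    """Illustrative thresholds: almost no vowels, a long consonant run, or a
    long label stuffed with digits. Tune against your own baseline traffic."""
    f = dga_score(domain)
    if f["length"] < 6:
        return False  # short labels carry too little signal
    return (
        f["vowel_ratio"] < 0.2
        or f["longest_consonant_run"] >= 5
        or (f["digit_ratio"] >= 0.2 and f["length"] >= 8)
    )


def flag_dga_like(domains) -> list:
    """Return the domains from an iterable that trip the heuristic, in order."""
    return [d for d in domains if is_dga_like(d)]


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(d, dga_score(d), "FLAG" if is_dga_like(d) else "")
```

On the constructed sample the three random-looking labels are flagged while `example`, `contoso-corp` and `microsoft` pass. A heuristic like this is a triage filter, not a verdict: a matched domain should be followed up by checking whether the same host queries many such names in a short window and whether those names resolve or produce NXDOMAIN responses, which is the pattern that distinguishes DGA rotation from an oddly named but legitimate service.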

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 87 flaws

Microsoft has rolled out patches for 87 security vulnerabilities, out of which 11 are critical. The patches are for flaws affecting Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

Adobe patches a flaw

Adobe has patched a critical arbitrary code execution vulnerability in its Flash Player. Tracked as CVE-2020-9746, the vulnerability can lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.

Google publishes details of a flaw

Google has published details about a high-severity flaw affecting the Bluetooth stack in Linux kernel versions below 5.9 that support BlueZ. Tracked as CVE-2020-12351, the flaw could allow an unauthenticated user to escalate privileges.

Cisco Talos releases advisories

Cisco Talos has released the details of several remotely exploitable DoS vulnerabilities in the Allen-Bradley adapter manufactured by Rockwell Automation. A remote, unauthenticated attacker can exploit these flaws by sending specially crafted packets.

Foxit issues patches

Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS versions of its PhantomPDF application. One of these flaws could result in code injection or information disclosure. Two of these vulnerabilities are considered medium risk.

Top Scams Reported in the Last 24 Hours

Canva abused for phishing

The Canva design platform is being actively abused by threat actors to redirect users to fake login forms. The spam email pretends to be a SharePoint eFax delivery notification and includes a phishing link hosted on canva.com. Clicking the link takes the victim to the final phishing landing page, where they are prompted to log in to view the document.