
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 15, 2020

The Iranian hacker group Silent Librarian has emerged from the shadows. Security researchers have discovered that the APT group is actively targeting universities across the world in a massive spear-phishing campaign. The group is using Cloudflare in front of most of its phishing hostnames as part of its strategy for obscuring the real hosting infrastructure. So far, the attack has impacted universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands.

In another development, several organizations have received DDoS extortion threats demanding a payment of $230,000. To prove that the threat is credible, the threat actors are sending organizations a list of the victim IP addresses they intend to attack.

Top Breaches Reported in the Last 24 Hours

Barnes & Noble confirms cyberattacks

Barnes & Noble has confirmed a cyberattack impacting its Nook services. As a result, customers were unable to access their Nook libraries and previous purchases. The bookseller has partially restored its systems.

Panion leaks data

The Swedish software company Panion exposed over 2.5 million user records through an unsecured Amazon AWS storage bucket. The exposed data included personal information such as passwords, credit card data, and social security numbers. The bucket was publicly accessible for seven days before it was secured.

DDoS extortion threats

In a widespread DDoS extortion campaign, several companies across the globe have been threatened with DDoS attacks unless a ransom of $230,000 is paid. Travelex is among the targeted organizations. To prove that the threat is credible, the threat actors are also sending a list of victim IP addresses.

ProctorTrack breached

ProctorTrack has disabled access to its service following an attack on its parent company, Verificient. Compounding the damage, the hackers defaced Verificient's website with a video.

Universities targeted

The notorious Silent Librarian threat actor group is back in action, targeting several universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands. The attack method includes placing Cloudflare in front of its phishing sites to hide the true location of its servers.

Top Malware Reported in the Last 24 Hours

Mirai adds new exploits

Researchers have observed four new Mirai variants and the in-the-wild exploitation of two new command injection vulnerabilities. While the variants differ in origin and configuration, they all possess the functionality needed to launch DDoS attacks. The fourth variant also retains the infection capability found in the other three variants.

Magento phishing

A Magento admin login phishing page was found on a compromised website under the file name wp-order.php. To unsuspecting users the page looked like a legitimate Magento 1.x login page, but in the background it loaded its page elements from the malicious domain orderline[.]club.

Top Vulnerabilities Reported in the Last 24 Hours

SonicWall fixes a flaw

SonicWall has issued patches for a critical stack-based buffer overflow vulnerability in its VPN portal. The flaw (CVE-2020-5135) can be abused to crash the device and prevent users from connecting to corporate resources, and it can also open the door to remote code execution.

SAP issues updates

The updates issued by SAP for October 2020 include 15 security notes, six of which update previously patched flaws. One of the patched issues exists in CA Introscope Enterprise Manager and carries a CVSS score of 10.
