Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 15, 2020
The Iranian hacker group, Silent Librarian, has emerged from the shadows. Security researchers have discovered that the APT group is actively targeting universities across the world in a massive spear-phishing campaign. The group is using Cloudflare for most of its phishing hostnames as part of its obscuring strategy. So far, the attack has impacted universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands.
In another development, several organizations have received DDoS extortion threats that demand a payment of $230,000. To prove the legitimacy of their threat, the threat actors are sending a list of victim IPs to organizations.
Top Breaches Reported in the Last 24 Hours
Barnes & Noble confirms cyberattacks
Barnes & Noble has confirmed a cyberattack impacting Nook services. As a result, customers were unable to access their Nook libraries and their previous purchases. The bookseller has partially restored its systems.
Panion leaks data
A Swedish software company, Panion, exposed over 2.5 million user records due to an unsecured Amazon AWS bucket. The exposed data included personal information, such as passwords, credit card data, and social security numbers. The bucket was publicly accessible for seven days before it was secured.
DDoS extortion threats
In a widespread DDoS extortion campaign, several companies across the globe have been threatened with DDoS attacks unless $230,000 is paid in ransom. One of the targeted organizations is Travelex. To prove the legitimacy of their threat, the threat actors are also sending a list of victim IPs.
ProctorTrack breached
ProctorTrack has disabled access to its service following an attack on its parent company, Verificient. To add to the damage, the hackers defaced Verificient's site with a video.
Universities targeted
The notorious Silent Librarian threat actor group is back in action, targeting several universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands. The attack method includes the use of Cloudflare to hide the true location of its servers.
Top Malware Reported in the Last 24 Hours
Mirai adds new exploits
Researchers have observed four new Mirai variants and the exploitation of two new command injection vulnerabilities in the wild. While the variants differ in origin and configuration, they all possess the necessary functionality to launch DDoS attacks. Variant four also includes an infection capability that is present in the other three variants.
Magento phishing
A Magento admin login phishing page was found on a compromised website using the file name wp-order.php. The page looked like a legitimate Magento 1.x login page to unsuspecting users, but in the background it loaded the page elements from a malicious domain, 'orderline[.]club'.
Top Vulnerabilities Reported in the Last 24 Hours
SonicWall fixes a flaw
SonicWall has issued patches for a critical stack-based buffer overflow vulnerability in the VPN portal. The flaw (CVE-2020-5135) can be abused to crash the device and prevent users from connecting to corporate resources. It can also open the door to remote code execution.
SAP issues updates
The updates issued by SAP for October 2020 include 15 security notes. Out of these, six are for previously patched flaws. One of the issues patched exists in CA Introscope Enterprise Manager. It has a CVSS score of 10.