Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Oct 21, 2021

Security warning for YouTubers! Google’s Threat Analysis Group has tracked down a massive phishing campaign against more than 4,000 YouTube creators who were targeted with cookie theft malware. The campaign went unnoticed for two long years, during which attackers managed to put hijacked accounts for sale on underground forums for prices ranging between $20 and $10,000.

Watch out! You might be the next target of identity fraud as researchers unfold a new attack method capable of stealing digital fingerprints. Dubbed Gummy Browsers, the attack method can also be used to launch browser spoofing attacks. In malware threats, PurpleFox botnet got a makeover with the addition of a new exploit, rootkit capabilities, and a backdoor.

Top Breaches Reported in the Last 24 Hours

Phishing campaign

The notorious TA551 threat actor group was tracked in a new espionage campaign that appeared to rely on email threads to target its victims. The advisory also made use of a legitimate open-source tool called Sliver as part of the infection process. The tool was distributed via a password-protected zipped Word document. The final stage of the attack involved the deployment of Cobalt Strike and ransomware.

YouTubers targeted

Google researchers unmasked a two-year-old phishing campaign that targeted more than 4,000 YouTube accounts. The creators were tricked with offers for business collaborations and later were unknowingly targeted with cookie theft malware. The hijacked accounts were sold on underground forums for prices up to $10,000.

Top Malware Reported in the Last 24 Hours

PurpleFox botnet evolves

The operators of PurpleFox botnet have added a new exploit and optimized rootkit capabilities to its arsenal. The exploit is for a flaw CVE-2021-01732 affecting Windows 10/Windows Server 2019. Additionally, the botnet has been updated with a new .NET backdoor that uses WebSockets.

Newly found npm malware

Three malicious npm packages named klow, klown, and okhsa were found running cryptocurrency malware on Windows and Linux systems. These packages were downloaded 150 times before being removed.

Top Vulnerabilities Reported in the Last 24 Hours

Google releases Chrome 95

Google has released the Chrome 95 browser with patches for 19 vulnerabilities. The most severe of these is a heap buffer overflow vulnerability tracked as CVE-2021-37981. Other notable flaws are use-after-free vulnerabilities and inappropriate implementation flaws.

Cisco issues updates

A vulnerability discovered in an API of the Call Bridge feature of the Cisco Meeting Server could allow attackers to cause a Denial of Service (DoS) condition. The flaw is due to the improper handling of a large series of message requests. Cisco has released software updates that address this vulnerability.

New flaw affects Intel processors

A newly discovered vulnerability affecting Intel processors could be abused to pilfer sensitive information stored within secure enclaves and even run arbitrary codes on vulnerable systems. The flaw is tracked as CVE-2021-0186 and has a CVSS score of 8.2.

New memory corruption bug in Linux

A new memory corruption flaw described as a straightforward Linux kernel locking bug found in Debian Buster’s 4.19.0.13-amd64 kernel can be abused to gain escalated privileges. Researchers have released a PoC exploit for the flaw.

Gummy Browsers attack

Researchers unfolded a new attack method called Gummy Browsers that lets threat actors capture victims’ digital fingerprints and spoof their profiles. By capturing digital fingerprints, the attackers can gain access to a user’s IP address, browser and OS version, active add-ons, and cookies.

Related Threat Briefings