Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 31, 2019
Urgency and fear are two human emotions that are widely exploited by phishing campaigns. In the past 24 hours, a new phishing campaign that targets Office 365 users has been reported. It uses an audio file to induce a sense of urgency in the victim to access the malicious link.
More than 21 million login credentials were found on the dark web. These credentials are believed to be stolen from Fortune 500 companies.
In another security incident, top domain name registrars NetworkSolutions, Register, and Web detected an intrusion in August 2019 and are urging their customers to reset passwords.
Top Breaches Reported in the Last 24 Hours
Domain name registrars detect security intrusion
Domain name registrars NetworkSolutions, Register, and Web have asked their customers to change passwords following the detection of a security breach. It was discovered that a third party gained unauthorized access to customer account information in August 2019.
Indian nuclear power plant hit by malware
One of India’s largest power plants, the Kudankulam Nuclear Power Plant (KNPP), was infected by malware, said its parent company NPCIL. The malware is said to have infected only the administrative network and not the critical internal network.
Millions of login credentials compromised
More than 21 million stolen credentials have been discovered by researchers on the dark web. These login credentials belong to several Fortune 500 companies. Most of these credentials were observed to be from firms in the tech and financial industries.
Top Malware Reported in the Last 24 Hours
Decryptor released for Paradise Ransomware
Researchers have released a free decryptor for the Paradise Ransomware. A pair of encrypted and unencrypted files larger than 3KB is required to use this decryptor. However, this decryptor does not support all variants of the ransomware.
APT 41 Uses MESSAGETAP Malware to Monitor Targets' Texts and Phone Metadata
Chinese government-linked hackers, dubbed APT-41, have been conducting a new surveillance campaign that tracks mobile text messages of individuals in a vast trove of telecommunication data. The group has hacked an unnamed telecommunications provider to monitor the messaging activity of high-ranking individuals of interest to the Chinese government.
Israeli Spyware Pegasus Used to Spy on Indian Academics, Lawyers, Activists, and Journalists
WhatsApp contacted at least 2 dozen academics, lawyers, activists, and journalists in India and alerted them that they had been targets of surveillance via Israeli spyware Pegasus. The phones were under surveillance for a 2-week period until May 2019. Victims are convinced to click on a specially crafted ‘exploit link’, which installs Pegasus without the user’s knowledge. Once installed, Pegasus contacts the operator’s C&C servers to receive and execute operator commands and to send back the target’s private data.
Top Vulnerabilities Reported in the Last 24 Hours
Untitled Goose Game flaw patched
A remote code execution flaw in the recently released ‘Untitled Goose Game’ video game has been patched. To exploit this vulnerability, the attacker needs access to a victim’s saved game.
Apple Patches Several Vulnerabilities in macOS, iOS, iPadOS
This week Apple has released security updates for iOS 13, iPadOS 13.2, and macOS Catalina 10.15. The company has also released patches for watchOS, Safari, and tvOS. The latest version of macOS Catalina, which is version 10.15.1, addresses a total of 33 vulnerabilities, which can be exploited through malicious applications or specially crafted files. The updates for iOS and iPadOS mitigate 28 vulnerabilities involving arbitrary code execution, data exfiltration, authentication bypass, etc. Many of these vulnerabilities also affect macOS, such as the flaws that affect components like Accounts, App Store, etc.
Top Scams Reported in the Last 24 Hours
Phishing scam targets Office 365 users
A new phishing campaign targeting Office 365 users has been observed by researchers. The victim receives an email message that informs them that they have a missed phone call and asks them to log into their account to access a voicemail message. The email redirects the victim to a phishing page where they are prompted to enter their credentials.
New campaign targets precision companies
Precision companies in Italy are being targeted in a new phishing campaign. This campaign involves a Microsoft Excel spreadsheet with exploit code, and the final payload is said to be a fileless Trojan that steals credentials.