We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Sep 3, 2021

A rise in the number of cyberattacks against the financial sector has sent a warning to banks to improve their security posture. Researchers blame the surge due to the Qakbot trojan that continues to receive updates in the form of modules to maximize the revenue impact, along with stealing information from targets. It has been found that the number of users affected by the trojan has increased by 65% in the first seven months of 2021.

Gift cards and reward points are also on the target list of cybercriminals as a new massive campaign came to notice in the past 24 hours. Threat actors are aggressively using brute-force attacks in the campaign to compromise up to 100,000 inboxes daily to steal loyalty rewards or gift cards that can either be sold on dark web markets or be used to make fraudulent purchases.

Meanwhile, IoT devices continue to be riddled with security vulnerabilities that can be exploited by hackers to launch MitM attacks. This time, flaws were found in specific devices manufactured by Comcast and Victure.

Top Breaches Reported in the Last 24 Hours

Guntrader data leaked

The personal information of over 100,000 U.K-based Guntrader owners was leaked online in the form of a reformatted CSV file. The file included zip codes, phone numbers, IP addresses, and email addresses of owners.

Loyalty members targeted

Threat actors leveraging brute force attacks in an attempt to target gift card and customer-loyalty program data of users. Researchers have uncovered a massive attack campaign wherein the attackers are compromising up to 100,000 inboxes daily to steal rewards or gift cards that can either be sold on dark web markets or be used to make fraudulent purchases.

Top Malware Reported in the Last 24 Hours

A rise in QakBot attacks

Researchers have uncovered that the number of users targeted by the QakBot trojan has increased by 65% in the first seven months. The trojan is capable of keylogging, cookie-stealing, passwords, and login grabbing. The later versions of the trojan include functionalities and techniques that can allow attackers to stay under the radar during the infection process.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Moxa devices

Around 60 vulnerabilities are found affecting Railway Communication Devices manufactured by Moxa. More than 50 vulnerabilities exist in third-party components such as the GNU C Library (glibc), the DHCP client in BusyBox, the Dropbear SSH software, the Linux kernel, and OpenSSL. Two of these vulnerabilities affecting Moxa devices are related to a command injection issue and a cross-site scripting flaw.

Fault in IoT monitoring devices

Several zero-day vulnerabilities discovered in IoT monitoring devices manufactured by Victure can be exploited by hackers to gain unauthorized access to private camera feeds or plant malware. One of these is described as a stack-based buffer overflow vulnerability in the ONVIF server component of Victure’s PC420 smart camera. While some of these security flaws have been fixed, there are a few that are yet to receive an update.

Vulnerable TP-Link routers

Numerous security flaws within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 router can be exploited to launch MitM and DoS attacks. Some of these flaws are related to Use-after-free and cURL issues.

Node-js patches five flaws

Developers of Node.js have released security updates for five security vulnerabilities, some of which can lead to remote code execution attacks. Three of these are high-severity issues and two are moderate security flaws.

WarezTheRemote attack

Researchers demonstrated a new attack vector against Comcast’s XR11 voice remotes that are deployed across homes in the U.S. Dubbed WarezTheRemote, the attack can allow attackers to launch MitM attacks. The PoC for the attack method has also been released.

Related Threat Briefings