Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 24, 2020

Two weeks after cybersecurity agencies from France, Japan, and New Zealand published warnings about an uptick in Emotet activity, agencies in Italy and the Netherlands have issued a fresh advisory warning about the rising malspam activities of the trojan. These spam emails come with malicious files attached that infect the host with Emotet malware.

Fresh details about AgeLocker ransomware and a new Alien trojan have also surfaced in the last 24 hours. While AgeLocker ransomware has been found targeting QNAP NAS devices in its recent attacks, the newly discovered Alien trojan is capable of stealing credentials from 226 Android applications.

Top Breaches Reported in the Last 24 Hours

Tyler Technologies affected

Software vendor Tyler Technologies has suffered a cyberattack after an unknown third party hacked its internal systems. The nature of the attack is yet to be ascertained. Meanwhile, the firm has notified the federal authorities about the incident. Users have also been asked to change their passwords as a security measure.

Top Malware Reported in the Last 24 Hours

New Alien malware

A new strain of Android malware named Alien comes with the capability to steal credentials from 226 applications. The trojan has been active since the beginning of the year and is offered as Malware-as-a-Service (MaaS) on underground forums. Among its other capabilities, Alien can record keyboard input, harvest SMS messages, steal contact lists, and provide remote access to a device through TeamViewer.

AgeLocker ransomware

QNAP NAS devices are being targeted by AgeLocker ransomware that uses an encryption algorithm called Age. The activity has picked up since August. After encrypting files, the ransomware leaves behind a ransom note that includes details on how to retrieve data.

Emotet’s rising attacks

After France, Japan, and New Zealand, cybersecurity agencies from Italy and the Netherlands have published an alert warning about the latest malspam activities of Emotet. The technique of infecting target systems with the trojan is quite clever and effective.

Top Vulnerabilities Reported in the Last 24 Hours

Instagram RCE flaw

A critical remote code execution flaw in Instagram’s Android and iOS apps can allow remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The flaw can be exploited by sending a malicious image file via SMS, WhatsApp, email, or any other messaging service. Facebook has confirmed the vulnerability and fixed it with a new security update.

Google fixes RCE flaw

Google has patched a privilege escalation vulnerability in the OS Config cloud service. The exploitation of the vulnerability requires access to the targeted system or a privileged shell on the affected VM. Technical details on how to exploit the flaw have been made available by a team of researchers.

Top Scams Reported in the Last 24 Hours

iPhone 12 scam

A fake iPhone 12 trial scam has been doing the rounds recently. Cybercrooks are sending invitations over SMS to recipients as part of the false Apple 2020 Testing Program. The message includes a link that redirects the victims to a questionnaire page to prove their identity. Later, they are asked to make a nominal payment for the courier to receive their iPhone.

Fake GDPR reminder

Phishers are using a fake GDPR compliance reminder to trick recipients into handing over their email login credentials. The attackers lure targets under the pretense that their email security is not GDPR compliant and requires immediate action.
