Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 28, 2020

The creators of the infamous REvil ransomware are undergoing an expansion process. In an update on a hacker forum, the operators have deposited around $1 million in bitcoin to boost their abilities and attract potential affiliates to join their team. Unfortunately, this latest shadowy activity of the group signifies unforeseen challenges for organizations in the coming days.

Meanwhile, beware of a new phishing scam that leverages the grant scheme announced by Facebook. Cybercrooks are posting fake news around the scheme, along with a URL, on a popular media outlet to lure victims. The link, if clicked, redirects victims to a phishing page that prompts them to provide their Facebook login credentials and other personal details.

Top Breaches Reported in the Last 24 Hours

BrandBQ’s data breach

A European fashion retailer, BrandBQ, has exposed seven million customer records due to a misconfigured Elasticsearch server. The compromised data includes full names, home addresses, dates of birth, phone numbers, and payment records of individuals.

Airbnb exposes data

A technical issue in Airbnb's service on desktop and mobile web platforms caused the leak of a limited amount of data. The exposed information included personally identifiable information, such as addresses of hosts and details of Airbnb properties. The firm implemented additional security controls immediately to contain the issue.

REvil operators' new strategy

REvil operators have deposited $1 million in a hacker forum as part of their recruitment drive. The deposit illustrates the amount of money that attackers are generating from ransomware operations.

Suspicious login attempts

Customers of Tyler Technologies are reporting suspicious logins and previously unseen RATs on their networks and servers. The reports come days after the firm admitted falling victim to a ransomware attack. As a precaution, Tyler Technologies has planned to reset passwords for all its clients.

Top Malware Reported in the Last 24 Hours

Decryptor of ThunderX ransomware

Cybersecurity firm Tesorion has released a decryptor for the ThunderX ransomware that exploits a flaw in the ransomware's encryption process. The decryptor works on files encrypted by the ransomware's current version, which uses the .tx_locked extension.

Top Scams Reported in the Last 24 Hours

Facebook grant scam

Cybercrooks are exploiting Facebook's latest giveaway scheme to trick users. They are using an article from the popular CNBC media outlet as bait to lure users hit by COVID-19 with the promise of a grant from Facebook. The article includes a link that redirects victims to a phishing page, which asks them to enter their Facebook credentials. Later, it asks for more personal information, such as their address, SSNs, and even a scan of both sides of their ID.
