
Cyware Daily Threat Intelligence August 20, 2021


A new and powerful variant of the Mozi botnet has emerged, aiming to target new networking systems. The variant uses DNS spoofing and HTTP session hijacking attacks to compromise endpoint systems. Among the malware attacks discovered in the last 24 hours, Australians are being targeted in a new text message scam that causes the FluBot trojan to be downloaded onto their Android devices.

Meanwhile, LinkedIn users need to be vigilant about the ongoing fake job listing scheme that is being used by threat actors to accomplish their malicious purposes.

Top Breaches Reported in the Last 24 Hours

AT&T users’ data on sale
The ShinyHunters threat actor group has been found selling 70 million AT&T users’ records on an underground forum. The data on sale allegedly includes full names, social security numbers, email addresses, and dates of birth of users. The gang is selling the database for a starting price of $200,000.

Top Malware Reported in the Last 24 Hours

A new version of Mozi botnet 
A new version of the Mozi botnet is now capable of using DNS spoofing and HTTP session hijacking attacks to compromise endpoint systems. Furthermore, it has gained new capabilities to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE.

FluBot targets Australians
Thousands of Android users in Australia have been hit by a new scam text message that distributes FluBot malware. The malware gives the attackers access to a user's contact list, whose members can become potential targets.

Top Vulnerabilities Reported in the Last 24 Hours 

Unofficial patch for PetitPotam flaw
An unofficial security patch has been released for the newly found PetitPotam vulnerability. The flaw, tracked as CVE-2021-36942, is a remote code execution issue that abuses the Encrypting File System Remote (MS-EFSRPC) protocol.

Vulnerable BIND DNS software
A high-severity DoS vulnerability affecting BIND DNS software can be exploited to crash systems remotely. The flaw is tracked as CVE-2021-25218 and affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions 9.16.20, 9.17.17, and 9.16.20-S1.

A flaw in Autodesk software 
Security researchers discovered a new vulnerability in the Autodesk software component that can allow attackers to install malicious programs, modify data, or create new accounts with full user rights. The flaw, CVE-2021-27032, lies in the default permissions assigned to the Autodesk Licensing Service, which runs as a locally privileged operating system account.

Top Scams Reported in the Last 24 Hours

Fake LinkedIn job list
Scammers are creating fake job lists on LinkedIn to attract eligible applicants for malicious purposes. In one such instance, victims were redirected to a phishing website that was designed to harvest their personal details.

False payment scheme
Threat actors are using fake monetization schemes to lure users and pilfer their credentials. The campaign imitates well-known banking services to send fake remittance payment documents to potential targets.


Posted on: August 20, 2021

