Cyware Daily Threat Intelligence, December 11, 2020


Top Breaches Reported in the Last 24 Hours

Air France-KLM attacked
Attackers attempted to break into Air France-KLM. Initially, the criminals tried to breach the Dutch side of the network; however, the security measures implemented there made the attackers move to the French side. The extent of the breach is currently unknown.

UiPath breached
Tech unicorn UiPath emailed its users to disclose a data breach incident that exposed personal information about users of UiPath Academy. The leaked information contained names, email addresses, country locations, usernames, company names, and UiPath certification details.

MySQL servers hacked
More than 250,000 databases have been compromised in an ongoing ransomware attack that abused weak credentials on MySQL servers. The campaign was launched in January and, to date, 83,000 victims have been targeted.


Top Malware Reported in the Last 24 Hours

Facebook tracked OceanLotus hackers
APT32, also known as OceanLotus, was formally linked to a Vietnamese IT company—CyberOne Group—by Facebook. The discovery came after the gang was caught exploiting Facebook to hack into people’s accounts and spread malware. 

Ransomware attacks target K-12 schools
The FBI and CISA issued a joint warning about the rising ransomware attacks against the K-12 educational sector. The five most active ransomware families targeting K-12 schools include Ryuk, REvil, Nefilim, AKO, and Maze.

Malware attacks on browsers
An ongoing campaign is spreading malware that disrupts the security of web browsers, adds malicious extensions, and makes changes to victims’ systems. The malware, dubbed Adrozek, has been launched against Google, Yandex, Edge, and Firefox. The malware distribution network consists of 159 unique domains that host an average of 17,300 unique URLs, which, in turn, host an average of 15,300 unique malware samples.


Top Vulnerabilities Reported in the Last 24 Hours

Critical flaws in D-Link routers
Critical vulnerabilities discovered in D-Link routers make them susceptible to zero-day attacks. The flaws include an unauthenticated remote LAN/WAN root command injection flaw (CVE-2020-25757), an authenticated root command injection vulnerability (CVE-2020-25759), and an authenticated crontab injection (CVE-2020-25758). The affected models include DSR-150, DSR-250, DSR-500, and DSR-1000AC VPN running firmware versions 3.14 and 3.17.


Top Scams Reported in the Last 24 Hours

Fake data breach alerts
An ongoing phishing scam is targeting Ledger wallet users with fake data breach alerts in an attempt to steal cryptocurrency. The emails state that the user has been impacted by a breach and that they should install the latest version of Ledger Live to protect their assets with a new PIN.


Posted on: December 11, 2020
