Cyware Daily Threat Intelligence, February 01, 2021

While organizations are yet to cope with the hard-hitting SolarWinds attack, another supply chain attack has landed on security experts’ investigation list. Dubbed NightScout, the cyber-espionage operation targeted BigNox to deliver three malware families to victims in five countries, including Taiwan, Hong Kong, and Sri Lanka.

A clever tech support scam with unique evasion techniques has also come to researchers’ attention. As part of the scam, the phishers are manipulating Google search results to push malicious Home Depot ads.

Top Breaches Reported in the Last 24 Hours

BigNox targeted
A mysterious hacking group has targeted BigNox, a company that makes the NoxPlayer Android emulator, in a highly targeted supply chain attack. Based on evidence gathered by researchers, a threat actor compromised one of the company’s official API and file hosting servers. So far, three malware families have been spotted being distributed through fake NoxPlayer updates to victims located in Taiwan, Hong Kong, and Sri Lanka.

UKRI attacked
UK Research and Innovation (UKRI) is dealing with a ransomware attack that encrypted data and impacted two of its services. Currently, there is no evidence that the attackers stole any data from UKRI’s systems.

Serco hit by ransomware
British services business Serco has been hit by the Babuk Locker ransomware, impacting the firm’s European operations. The ransomware operators have further claimed to have copied more than 1TB of data after hacking the network for about three weeks.

Top Vulnerabilities Reported in the Last 24 Hours

Libgcrypt issues an update
The developers of Libgcrypt have issued an urgent update to tackle a critical heap buffer overflow vulnerability arising due to an incorrect assumption in the block buffer management code. While the flaw has not been assigned a CVE number, the issue has been fixed in version 1.9.1.

Top Scams Reported in the Last 24 Hours

Tech support scam
A malicious Home Depot advertising campaign has been found redirecting Google Search visitors to tech support scams. Once visitors click on the ad, they are redirected through various ad services and ultimately land on a page that displays an annoying message that reads ‘Windows Defender - Security Warning.’ To make detection more difficult for security professionals, it appears that the ads redirect the same IP address to the scam only once every 24 hours.

Posted on: February 01, 2021

