Go to listing page

Cyware Daily Threat Intelligence, January 14, 2021

Cyware Daily Threat Intelligence, January 14, 2021

Share Blog Post

Scammers are off to a great start in 2021 as details of a new and complex Classiscam scheme come into the limelight. Reports reveal that the ongoing widespread scam-as-a service has enabled around 40 cybercriminal gangs to steal over $6.5 million in the year 2020 alone. The modus operandi of the scam involves luring online buyers to pages mimicking classified ads.

Meanwhile, Cisco has announced that over 70 vulnerabilities found in some of its router products will not be fixed as they have reached End-Of-Life. The affected products are Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers.

Top Breaches Reported in the Last 24 Hours

Unsecured database
An unsecured Microsoft Azure Blob belonging to Nohow International was exposed online for a week before it was secured. The database contained sensitive documents of over 12,000 U.K. workers. The exposed information included details on National ID cards, passports, birth certificates, tax returns, and national insurance cards.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed Orbit Fox plugin fixed
Two security vulnerabilities found in an Orbit Fox WordPress plugin have been fixed with the release of the latest versions. The flaws are related to privilege escalation and stored cross-site scripting problems. They can be exploited to take control of a website.

Unpatched Cisco routers
Over 70 vulnerabilities in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers have been planned not to be fixed as these devices have reached EOL. The security bugs exist because user-supplied input to the web-based management interface of the affected router series is not properly validated, thus allowing an attacker to send specially-crafted HTTP requests to exploit these issues.

Top Scams Reported in the Last 24 Hours

Newly discovered Classiscam operation
A newly uncovered Russia-based cybercrime operation dubbed Classiscam has helped classified ads scammers steal more than $6.5 million from users in the U.S, Europe, and former Soviet states. The scam operation began in early 2019, targeting only users of Russian online marketplaces and classified ad portals. The gang expanded to other countries only last year. Currently, Classiscam is active in more than a dozen countries and on foreign marketplaces such as OLX, Fan Courier, Sbazar, DHL, and Allegro.

 Tags

orbit fox wordpress plugin
classiscam scheme
nohow international
cisco routers
microsoft azure blob

Posted on: January 14, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!