
Cyware Daily Threat Intelligence, January 19, 2021

As the investigation into the SolarWinds breach continues, the plot only thickens. In a new finding, researchers revealed that the attackers had installed a new hacking tool, dubbed Raindrop, on some systems in an effort to spy on them.

Botnet attacks also made headlines in the past 24 hours. The FreakOut botnet exploits three recent flaws in applications to target Linux devices. On the subject of exploited flaws, researchers have found a set of seven vulnerabilities in dnsmasq, collectively called DNSpooq. Some of these flaws can enable DNS cache poisoning attacks. Over 40 vendors, including Google, Cisco Systems, Siemens, Huawei, General Electric, Ubiquiti Networks, Aruba Networks, and Dell, have been identified among the firms affected by these flaws.

Top Breaches Reported in the Last 24 Hours

IObit hacked
IObit, a Windows utility developer, was hacked to infect a number of its forum users with DeroHE ransomware. Researchers explain that the ransomware adds Windows Defender exclusions to allow the DLL to run. After infection, the ransomware appends the .DeroHE extension to encrypted files and later displays a ransom message.

Livecoin suffers due to cyberattack
Livecoin has announced its closure following a cyberattack that allegedly compromised the firm’s infrastructure and exchange rate setup. As a result, the exchange lost control of its servers, backend, and nodes.

Fleek app breach
A data breach originating from the Fleek social media app has been identified by researchers. The exposed information includes explicit content of users.

AnyVan affected
AnyVan, a European online marketplace, has confirmed a cyberattack that involved the theft of customers’ personal data. The incident occurred after attackers gained unauthorized access to its user database.

Top Malware Reported in the Last 24 Hours

New malware from SolarWinds
Researchers have uncovered a new hacking tool named Raindrop that was used in the recent SolarWinds supply chain attack. The tool was installed on some systems in an effort to spy on them.

FreakOut botnet’s new target
Researchers have uncovered a series of attacks against Linux devices by the FreakOut botnet. The attacks are aimed at devices running either TerraMaster Operating System, Zend Framework, or Liferay Portal.

Top Vulnerabilities Reported in the Last 24 Hours

DNSpooq vulnerability
A set of seven vulnerabilities, called DNSpooq, can leave millions of Linux-based devices exposed to cyberattacks. The flaws can allow attackers to redirect users or execute malicious code, and some of them can enable DNS cache poisoning attacks. The flaws affect dnsmasq versions prior to 2.83. Over 40 vendors, including Google, Cisco Systems, Siemens, Huawei, General Electric, Ubiquiti Networks, Aruba Networks, and Dell, have been identified as affected by these flaws.

Top Scams Reported in the Last 24 Hours

Text phishing scam
New York State drivers are being targeted in a new smishing scam that attempts to steal their personal information. The text message asks the drivers to update their driver’s licenses as a part of the ongoing adoption of the REAL ID Act of 2005. The message appears to be from the New York State Department of Motor Vehicles (DMV).


Posted on: January 19, 2021

