Cyware Daily Threat Intelligence, January 22, 2021


Even cybercriminals make mistakes, and this latest incident is proof of it. More than 1,000 credentials stolen by attackers in a phishing campaign were left exposed online, where they could be found through simple Google searches. The campaign in question is related to the one that occurred in August 2020 and used spoofed Xerox notifications as a lure.

Besides this, the past 24 hours witnessed a new malware attack on QNAP NAS devices. Using malware named ‘dovecat’, the cybercriminals intend to install Bitcoin miners on compromised NAS devices.

Meanwhile, new research reveals that unprotected Windows RDP servers are now a popular attack channel to launch amplified DDoS attacks. 

Top Breaches Reported in the Last 24 Hours

MyFreeCams site hacked
A hacker is selling a database with login details for two million users associated with MyFreeCams. The database was hacked through a successful SQL injection attack and can be used to steal funds from premium members. 

Stolen credentials leaked
Attackers behind a phishing campaign have unintentionally left more than 1,000 stolen credentials exposed online, where they could be found through simple Google searches. The campaign, which began in August 2020, used emails that spoofed Xerox notifications to lure victims into clicking on malicious HTML attachments.

CHwapi hospital attacked
The CHwapi hospital in Belgium has suffered a cyberattack in which threat actors claim to have encrypted 40 servers and 100TB of data using Windows BitLocker. The hackers have demanded a ransom to decrypt the encrypted files.

Top Malware Reported in the Last 24 Hours

Dovecat malware
Dovecat is a new malware strain targeting QNAP NAS devices. The cybercriminals behind the malware are using it to install Bitcoin miners on compromised NAS devices, without user consent. QNAP has asked its users to avoid using default port numbers (such as 80, 443, 8080, and 8081) and enhance the security of their NAS devices by following best practices.

Top Vulnerabilities Reported in the Last 24 Hours

Drupal fixes a new flaw
The Drupal team has released security updates for a vulnerability that resides in the PEAR Archive_Tar third-party library. The flaw can be exploited by attackers if the CMS is configured to allow the upload and processing of .tar, .tar.gz, .bz2, or .tlz files. 

Windows RDP abused
Cybercriminals are using Windows RDP systems to amplify DDoS attacks. Systems in which RDP authentication is enabled on UDP port 3389 in addition to the standard TCP port 3389 are susceptible to this abuse.

Cisco patches several flaws
Cisco has issued patches to address a significant number of vulnerabilities affecting its products, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS). Some of these flaws could allow an attacker to gain root access to affected devices.

Posted on: January 22, 2021
