Cyware Daily Threat Intelligence, January 28, 2021

After Emotet, the takedown of another notorious malware operation has been announced by federal authorities. The U.S. DOJ, along with Bulgarian authorities, coordinated an operation that resulted in the disruption of the dark web site used by NetWalker ransomware. An individual has been arrested who is alleged to have obtained tens of millions of dollars by acting as a NetWalker affiliate.

However, the seizure operations have not deterred cybercriminals' malicious intent. A new cybercrime toolkit that enables crooks to expand their phishing campaigns has been identified by researchers. Named LogoKit, the phishing tool is already being used in the wild to build phishing pages in real time. Meanwhile, the TeamTNT threat actor group has added a new detection evasion tool to its arsenal.

Top Malware Reported in the Last 24 Hours

NetWalker malware seized
The U.S. DOJ and Bulgarian authorities have announced the successful takedown of dark web sites used by the NetWalker ransomware operation. As part of the operation, a Canadian national who worked as a NetWalker affiliate and earned more than $27 million has been arrested.

Newly discovered LogoKit
A newly discovered phishing toolkit called LogoKit has been found deployed in the wild. So far, researchers have identified the toolkit on more than 300 domains in a week and on over 700 sites in a month. LogoKit relies on sending users phishing links that contain their email addresses.
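Because LogoKit-style links carry the target's email address in the URL, that address is something a defender can look for in proxy or email gateway logs. The script below is an added illustration, not Cyware's or any vendor's detection logic: it checks each URL's query values and fragment for an email address, and also tries a base64 decode of each value (an assumption added here, not something the briefing states), then runs over a handful of constructed log lines in an assumed `<timestamp> <client-ip> <url>` format.

```python
"""Flag URLs that embed a recipient e-mail address in the query string or
fragment, a trait of phishing links that personalise the page at load time.
Added example; the log format and sample lines below are constructed."""
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Simple e-mail pattern: adequate for log triage, not a full RFC 5322 parser.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _maybe_base64(value: str):
    """Decode value as base64 text if it plausibly is; otherwise return None.
    (Assumed extension: the briefing only mentions plain addresses in links.)"""
    if len(value) < 8 or len(value) % 4 or not re.fullmatch(r"[A-Za-z0-9+/=]+", value):
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def emails_in_url(url: str) -> list:
    """Return e-mail addresses found in the URL's query values or fragment."""
    parts = urlsplit(url)
    # parse_qsl already percent-decodes values; unquote again is harmless.
    candidates = [unquote(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(unquote(parts.fragment))
    found = []
    for text in candidates:
        found.extend(EMAIL_RE.findall(text))
        decoded = _maybe_base64(text)
        if decoded:
            found.extend(EMAIL_RE.findall(decoded))
    return found


def triage_proxy_log(lines) -> list:
    """Return (url, emails) for each log line whose URL embeds an address.
    Assumed log format (constructed): '<timestamp> <client-ip> <url>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: skip rather than crash the sweep
        url = fields[2]
        emails = emails_in_url(url)
        if emails:
            hits.append((url, emails))
    return hits


# Constructed sample log lines; only the 2nd, 3rd and 4th should be flagged.
SAMPLE_LOG = [
    "2021-01-28T09:00:01Z 10.0.0.5 https://www.example.com/index.html",
    "2021-01-28T09:00:02Z 10.0.0.5 https://login-portal.example.net/?email=alice%40example.org",
    "2021-01-28T09:00:03Z 10.0.0.7 https://secure-doc.example.net/view#bob@example.org",
    "2021-01-28T09:00:04Z 10.0.0.9 https://cdn.example.com/a.js?v=1&email=YWxpY2VAZXhhbXBsZS5vcmc=",
]

if __name__ == "__main__":
    for url, emails in triage_proxy_log(SAMPLE_LOG):
        print(f"{url} -> {emails}")
```

A hit is a triage signal rather than proof of phishing: legitimate unsubscribe and password-reset links also carry addresses, so the flagged URLs are best correlated with domain age, sender reputation and the user's subsequent requests before any action is taken.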

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable SCADA/HMI products
CISA has issued a security advisory warning industrial organizations of several high-severity flaws in SCADA/HMI products. The vulnerabilities affect the Tellus Lite V-Simulator (versions prior to v4.0.10.0) and Server Lite (versions prior to v4.0.10.0). The flaws include Stack-based Buffer Overflow, Out-of-Bounds Read to Out-of-Bounds Write, and Heap-Based Overflow. Successful exploitation of these vulnerabilities can allow attackers to execute arbitrary code on unpatched systems.

Docker Container escape bug
An unpatched vulnerability in Microsoft Azure Functions can enable attackers to escalate privileges and escape the Docker container used for hosting them. Researchers have released a PoC for the flaw on GitHub.

Top Scams Reported in the Last 24 Hours

Clone firm scam
British consumers have lost nearly $109 million to so-called clone firm scams in the last year. The modus operandi of the scam involves sending users emails that appear to come from real companies. These emails include links to phishing websites, created by the scammers, that impersonate those companies.

FTC warns about a scam
The FTC has issued a warning about a scam that pretends to be from the U.S. regulatory agency. The scam leverages several YouTube links and pop-up sites that claim to protect personal and financial data from being exposed online.


Posted on: January 28, 2021