Cyware Daily Threat Intelligence, July 27, 2022

Phishing is considered the quickest attack vector when it comes to extracting financial data, credentials, and sensitive personal information. Researchers spotted one such phishing campaign impersonating DHL and pilfering names, phone numbers, and payment card data using Telegram bots. Separately, Nuki Smart Locks were found to contain nearly a dozen high-severity vulnerabilities. The bugs could lead to DoS conditions, code execution, data leakage, privilege escalation, and more.

Web3 firms continue to be highly targeted by cybercriminals. Recently, a hacker group infiltrated a decentralized music streaming service via a bug that had been live since the contracts were deployed. Two in-depth security assessments had also failed to identify the bug.

Top Breaches Reported in the Last 24 Hours


DeFi music platform lost millions
Hackers siphoned off about $6 million from Audius, a decentralized music platform on the Ethereum blockchain. Minutes after the incident, authorities froze several services to contain the attack. It was found that hackers abused a bug in the contract initialization code that allowed them to perform repeated invocations of the initialized functions.

Ransomware attack targets WordFly
The primary website of WordFly, a digital communication and marketing platform, fell victim to a ransomware attack. As a consequence, WordFly’s website and services remained unavailable. The first network disruption was observed on July 10. Hackers stole some customer data, but the company claims it wasn’t sensitive.

Top Malware Reported in the Last 24 Hours


Predator spyware planted against Greek lawmaker
The European Parliament found that a Greek lawmaker was targeted by Predator, a high-end surveillance tool. The target received a message on his phone that read, "Let's get a little serious about this, my friend, we have something to win." It reportedly contained a malicious link that could download the spyware with a single click. Apparently, he didn’t click on the embedded link.

LockBit and BlackMatter
Trend Micro researchers underlined similarities between the latest iteration of the LockBit ransomware and BlackMatter. Experts noted overlaps in the privilege escalation and harvesting routines used by attackers to identify APIs required to discontinue running processes and other operations. Further, the use of anti-debugging and threading techniques to avoid detection also coincides.

Top Vulnerabilities Reported in the Last 24 Hours


Several critical bugs in Nuki Smart Lock
NCC Group disclosed 11 critical bugs in multiple versions of Nuki Smart Locks. The report suggests that the firm failed to implement SSL/TLS certificate validation on its Smart Lock and Bridge devices, letting attackers perform man-in-the-middle attacks. Similarly, other flaws could allow an attacker to run arbitrary code, access sensitive data, impersonate an authentic user, and more.

Top Scams Reported in the Last 24 Hours


Scammers imitate DHL
Sucuri has uncovered a phishing campaign involving fake landing pages for DHL, the popular courier and package mailing service. The campaign creates a fake emergency related to an undispatched order. An unsuspecting user who clicks the ‘Continue’ button is redirected to a page asking for personal information such as name and contact details. In the next phase, scammers request a one-time payment fee of $1.49 to process the undelivered package.


Posted on: July 27, 2022

