Cyware Daily Threat Intelligence June 25, 2021

Cracked software is paying off for miners. A newly documented cryptocurrency mining malware, Crackonosh, has mined roughly $2 million worth of Monero on more than 222,000 infected Windows machines. Artifacts left in the malware suggest its authors may be based in the Czech Republic.

Alert! Zyxel has warned of widespread attacks against its firewalls and VPN gateways. Targeted products include the Unified Security Gateway (USG) and ZyWALL series and the USG FLEX combined firewall and VPN gateway, among others. Zyxel's guidance is to enforce a proper security policy for remote access, in particular keeping management interfaces off the WAN, to reduce the attack surface.

Top Breaches Reported in the Last 24 Hours

DreamHost leaks data
Los Angeles-based web hosting provider DreamHost exposed roughly 86.15GB of data through an unsecured database. The records spanned about three years and numbered roughly 814 million, including names, email addresses, and WordPress admin login URLs of customers.

Top Malware Reported in the Last 24 Hours

Crackonosh malware
A new strain of cryptocurrency mining malware that abuses Windows Safe Mode, where antivirus products typically do not run, has been discovered. Dubbed Crackonosh, the malware is bundled with pirated and cracked software distributed via torrents, forums, and warez websites. The infection chain begins with a dropped installer and a script that modifies the Windows registry. So far, the malware has mined about $2 million worth of Monero on 222,000 infected computers.

Top Vulnerabilities Reported in the Last 24 Hours
 
Zyxel routers and VPN devices exploited
Zyxel has issued an alert that attackers are actively targeting its firewalls and VPN gateways, attempting to change device configurations and obtain remote access to the networks behind them. The attacks focus on organizations using the Unified Security Gateway (USG) and ZyWALL series and the USG FLEX combined firewall and VPN gateway, among others. Zyxel advises enforcing a proper security policy for remote administration, in particular not exposing the management interface on the WAN, to reduce the attack surface.

Fortinet issues a patch
Fortinet has patched a high-severity OS command injection vulnerability in its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2021-22123, the flaw can allow a remote, authenticated attacker to execute arbitrary commands on the underlying system via the SAML server configuration page of the management interface.

Top Scams Reported in the Last 24 Hours

FINRA phishing campaign
FINRA has warned all U.S. brokerage firms of an ongoing phishing campaign impersonating "FINRA Support." The emails ask recipients to review an attached report that supposedly requires an immediate response; according to the regulator, some variants of the email may not carry an attachment at all.


Posted on: June 25, 2021
