Cyware Daily Threat Intelligence, November 23, 2020


The powerful TrickBot is rising from the ashes after a major fall. The gang has released the 100th version of the malware, which indicates the scope of their attack. The new version includes a range of obfuscation techniques, including DLL injection into a legitimate Windows executable. Moreover, the gang is credited with a new lightweight reconnaissance tool called LightBot, used to infect high-value targets.

Talking about more malicious code, a hacker released a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets includes domains belonging to high street banks and government organizations from around the world.

Top Breaches Reported in the Last 24 Hours

Nearly $20 million stolen
Pickle Finance fell victim to a hack that resulted in the loss of about $20 million of users’ funds in DAI tokens. The attackers exploited the vulnerability in DAI PickleJar using fake swaps. Currently, the team is working on fixing the flaw.

Spotify targeted
Over 380 million records, including login credentials belonging to the Spotify service, were leaked due to an unprotected Elasticsearch database. The origin of the database and how the fraudsters targeted Spotify are unknown. However, the firm took immediate action to isolate the issue.

E-Land affected
The South Korean fashion retail firm E-Land disclosed a ransomware attack that affected the company’s network. This caused the firm to shut down almost half of its operations in South Korea. The incident occurred on November 22.

Top Malware Reported in the Last 24 Hours

TrickBot’s 100th version out
The TrickBot cybercrime gang has released the 100th version of the TrickBot malware with additional features to evade detection. With this release, TrickBot now injects its DLL into the legitimate Windows executable wermgr.exe directly from memory, using code from the MemoryModule project. Apart from this, the gang has also released a new lightweight reconnaissance tool called LightBot to infect high-value targets.

Top Vulnerabilities Reported in the Last 24 Hours

TikTok patches flaws
TikTok has patched a reflected XSS security flaw and a bug leading to account takeover, both impacting the firm's web domain. The first vulnerability is related to a URL parameter on the tiktok.com domain that was not properly sanitized. This could enable attackers to execute malicious code in a user’s browser session.

GitHub fixes a flaw
GitHub has finally fixed a high-severity security flaw reported to it by Google Project Zero. The bug affects GitHub's Actions feature, a developer workflow automation tool, which is highly vulnerable to injection attacks.

Exploits for VPNs released
A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The list of vulnerable targets includes domains belonging to high street banks and government organizations from around the world.

Top Scams Reported in the Last 24 Hours

Warning issued for Black Friday scam
The U.K. NCSC has issued fresh guidance ahead of the upcoming Black Friday. The agency warned that cybercriminals are seeking to exploit an increased number of online shopping transactions. It has recommended that users be vigilant about phishing emails, fake social media accounts, and phishing pages to prevent the loss of their personal data.


Posted on: November 23, 2020
