Go to listing page

Cyware Daily Threat Intelligence, November 26, 2020

Cyware Daily Threat Intelligence, November 26, 2020

Share Blog Post

Fake apps have become a popular channel for cybercriminals to drop malware and conduct malicious activities. Recently, researchers have found that there are more than 60 fake apps masquerading as the popular multiplayer game ‘Among Us’. Though the ultimate purpose of these fake apps is unknown, it is suspected that cybercriminals can use these apps to distribute malware to unsuspecting users.

Meanwhile, Windows 7 and Windows Server 2008 R2 operating systems have been detected to be affected by a zero-day vulnerability that can allow threat actors to gain a foothold on vulnerable systems. The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.

Top Breaches Reported in the Last 24 Hours

Baltimore County Public Schools affected
All Baltimore County Public Schools are closed from November 25 after the school system was hit with a ransomware attack. This limited access to network systems. The officials are currently investigating the matter.

Sophos security breach
Security firm Sophos is contacting a small subset of its customers about a security breach that occurred due to a misconfiguration issue. The exposed information includes the first name, last name, email address, and contact phone number of customers. The firm fixed the issue soon after it became aware of it.

Top Malware Reported in the Last 24 Hours

SSH-backdoor botnet
Researchers have come across an SSH-backdoor botnet that affects Linux devices. The infection process starts with fetching a shell-script from an URL. The URL is used as a part of the obfuscation technique. Once installed, the backdoor removes logs and the bash history.

Fake Among Us apps
More than 60 fake apps masquerading as the popular online multiplayer game, Among Us, have been discovered online. Though the ultimate purpose of these fake apps is unknown, it is suspected that cybercriminals can use these apps to distribute malware to unsuspecting users.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-day in Windows 7
A zero-day vulnerability discovered in Windows 7 and Windows Server 2008 R2 operating systems can enable threat actors to gain a foothold on vulnerable systems. The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations. Since these OSes have reached the end-of-life, there is no clarity if Microsoft plans to patch the flaw.

A flaw in Xbox Live patched
Microsft has patched a serious flaw in Xbox Live that allowed hackers to view anyone’s email address used to register Xbox Gamertag. Initially, Microsoft did not consider the bug to be a serious security risk.

Misconfigured CNAME records
Researchers of the Indian security firm RedHunt Labs have discovered over 400,000 subdomains whose CNAME records were misconfigured. Due to the misconfigured records, the owners of the subdomains can be targeted with subdomain takeover attacks. The most affected domains are found belonging to the e-commerce operators, and the most vulnerable subdomain is ‘www’.

 Tags

windows 7
windows server 2008 r2
xbox live
baltimore county public schools
among us game

Posted on: November 26, 2020


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.