
Cyware Daily Threat Intelligence, November 27, 2020


A 13-year-old Bandook backdoor trojan has emerged from the shadows. Hackers affiliated with a group named Dark Caracal have unleashed a new wave of attacks against a multitude of industries to deploy digitally signed variants of the Bandook trojan. The victims span over 21 countries.

Meanwhile, a new security analysis has revealed that many popular online stores are susceptible to SSL-related attacks that could allow threat actors to steal sensitive information. The vulnerabilities include BEAST (Browser Exploit Against SSL/TLS), POODLE, and DROWN.

In other research, a group of experts demonstrated a new form of light-based attack that could enable attackers to take control of smart-home devices. Dubbed ‘Light Commands’, the attack relies on the use of laser pointers.

Top Breaches Reported in the Last 24 Hours

Rand McNally affected
Chicago-based transportation technology firm Rand McNally is working to restore its network following a cyberattack that hit its systems earlier this week. Meanwhile, the firm confirmed that no customer data is affected by the attack.

Brazilian COVID-19 patients’ data leaked
The personal and health information of over 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee inadvertently uploaded a spreadsheet on GitHub this month. The exposed sheet contained usernames, passwords, and access keys to sensitive government systems. Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data on COVID-19 patients.

Top Malware Reported in the Last 24 Hours

Bandook Windows trojan re-emerges
Hackers affiliated with a group named Dark Caracal are using digitally signed variants of the Bandook Windows trojan against firms in different sectors. The firms are located in 21 different countries, including Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the U.S. The attack uses Word documents as a lure to load malicious VBA code.

Top Vulnerabilities Reported in the Last 24 Hours

Light Commands attack
Expanding their research on light-based attacks, a group of academic researchers has now demonstrated successful attacks on other smart home systems such as smart locks, home switches, and even cars. Dubbed ‘Light Commands’, the attack, which relies on the use of laser pointers, can enable attackers to take control of smart home devices.

Drupal releases security updates
The developers of the Drupal content management system (CMS) released out-of-band security updates for vulnerabilities in PEAR Archive_Tar, a third-party library designed for handling TAR files in PHP. The flaws are tracked as CVE-2020-28948 and CVE-2020-28949, which can be exploited to bypass unserialization protections.

Several online stores are susceptible to attacks due to six known SSL vulnerabilities including BEAST, POODLE, and DROWN. These vulnerabilities can allow cybercriminals to carry out SSL-based attacks against online shops and their users.

Top Scams Reported in the Last 24 Hours

Zoom Thanksgiving phishing
A massive ongoing phishing attack that pretends to be an invite for Thanksgiving over a Zoom meeting has been found luring users into sharing their credentials. The invite includes a link with a message that states, “You received a video conference invitation.” Clicking on the link opens a fake Microsoft login page hosted on Google's appspot.com domain. The phishing page prompts the user to enter their username and password.



Posted on: November 27, 2020
