Cyware Daily Threat Intelligence, January 21, 2021

The illicit trade of stolen data continues to flourish on the dark web. Now, a data trove of 77 million user records of Nitro PDF was leaked online. BuyUCoin suffered a similar fate with sensitive personal and financial details of 325,000 users getting leaked on the dark web.

On the malware front, a new malvertising campaign, dubbed LuckyBoy, was found targeting iOS, Android, and Xbox users. Meanwhile, the attackers behind the CursedGrabber malware family made a comeback with three malicious NPM packages.

The last 24 hours also saw the discovery and mitigations for a number of critical vulnerabilities affecting software made by Cisco, SAP, Google, and Facebook, among others.

Top Breaches Reported in the Last 24 Hours

Nitro PDF database leaked
Hackers leaked a 14GB database containing the names, email addresses, and passwords of more than 77 million Nitro PDF user records for free. Moreover, the database has been added to the “Have I Been Pwned” service, which lets victims check whether their data has been compromised and leaked on the Internet.

BuyUCoin user records exposed
The sensitive data of 325,000 users of the BuyUCoin cryptocurrency exchange was leaked on the dark web. It included the users’ names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details, and deposit history.

MyFreeCams database sold on hacker forum
A database of 2 million user records belonging to MyFreeCams, an adult streaming site, is being sold on a hacker forum. In December 2020, the data was exfiltrated from the company servers via an SQL injection attack.

Top Malware Reported in the Last 24 Hours

LuckyBoy hits mobile users
A malvertising campaign, dubbed LuckyBoy, has been found targeting iOS, Android, and Xbox users by leveraging obfuscation and cloaking techniques to avoid detection. Since last month, the malware has penetrated more than 10 demand-side platforms (DSP) and impacted users in the U.S. and Canada.

More insights into SolarWinds hack
Microsoft released a report outlining the activities and the techniques of the threat actor behind the SolarWinds attack, including their anti-forensic behavior, malware delivery methods, and operational security (OPSEC).

The return of CursedGrabber attackers
Researchers reported the return of the attackers behind the CursedGrabber malware family, which utilizes brandjacking and typosquatting techniques against software supply chains. The attackers published three new malicious NPM packages designed to steal information.
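As an added illustration of the typosquatting and brandjacking technique described above (example code written for this digest, not tooling from the researchers or from any project it mentions): a small dependency check that flags package names sitting within a couple of edits of a well-known package. The popular-package list, the scope-stripping heuristic, and the sample dependency names are all constructed assumptions, not registry data.

```javascript
// Added example: flag dependency names that are near-misses of well-known packages.
// The "popular" list below is a constructed sample, not a real registry feed.
const POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander"];

// Levenshtein edit distance between two strings (classic dynamic-programming table).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Strip an npm scope ("@org/name" -> "name") so that a scoped lookalike of a popular
// package is compared on its bare name. This is an assumed heuristic, not an npm rule.
function bareName(pkg) {
  return pkg.startsWith("@") ? pkg.slice(pkg.indexOf("/") + 1) : pkg;
}

// Returns {name, lookalike, distance} for each dependency that is within
// `maxDistance` edits of a popular package without being that package itself.
function findTyposquats(deps, popular = POPULAR, maxDistance = 2) {
  const hits = [];
  for (const dep of deps) {
    const bare = bareName(dep);
    if (popular.includes(bare)) continue; // exact match: the genuine package
    for (const p of popular) {
      const d = editDistance(bare, p);
      if (d <= maxDistance) { hits.push({ name: dep, lookalike: p, distance: d }); break; }
    }
  }
  return hits;
}

// Constructed package.json-style dependency names for demonstration.
const SAMPLE_DEPS = ["lodash", "lodahs", "expres", "@acme/chaik", "typescript"];
console.log(findTyposquats(SAMPLE_DEPS));
// flags lodahs (lodash, 2), expres (express, 1) and @acme/chaik (chalk, 1)
```

In practice the popular list would come from the organisation's approved-dependency inventory, and a hit is a review trigger for the install, not proof of malice.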

Top Vulnerabilities Reported in the Last 24 Hours

Logic flaws in video chat apps
Researchers at Google discovered logic bugs in multiple video chat apps, such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. The now-patched bugs could have allowed attackers to eavesdrop on their targets even before they accepted an incoming call.

NVIDIA patches Shield TV and GPU Display Driver
NVIDIA has newly disclosed three security flaws in Shield TV, which could lead to denial of service, escalation of privileges, and data loss. The company also issued an updated security advisory for a number of security bugs in its GPU Display Driver.

Critical bugs in Cisco SD-WAN
Cisco issued patches for eight critical vulnerabilities in its SD-WAN solutions for business users. All these vulnerabilities, comprising buffer overflow, command injection, and insufficient input validation issues, were given CVSS scores of more than 9 out of 10.

Exploit for SAP SolMan flaw
A functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager (SolMan) product was made public on GitHub. Tracked as CVE-2020-6207 and having a CVSS score of 10, the security flaw is a missing authorization check in the EEM Manager component of SolMan.

Top Scams Reported in the Last 24 Hours

Credential stealing campaign
A new large-scale, global phishing campaign was found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The stolen credentials were, in turn, left exposed on the public internet.

Posted on: January 21, 2021