Go to listing page

Cyware Daily Threat Intelligence, November 11, 2021

Cyware Daily Threat Intelligence, November 11, 2021

Share Blog Post

There’s a new Golang-based botnet in town. Dubbed BotenaGo, the malware includes more than 30 different exploits and has the potential of targeting millions of routers and IoT devices. Researchers believe that the new botnet is being used by Mirai operators to target specific machines.

The discovery of two fresh malicious apps has also unfolded the return of Joker malware. Called 'Smart TV remote' and 'Halloween Coloring', these apps have been downloaded more than 1,000 times.

Marking the Android updates for November 2021, Google has issued advisories for overall 39 security flaws affecting its Framework and System components. Most of these flaws can be abused to conduct remote code execution attacks.

Top Breaches Reported in the Last 24 Hours

HPE discloses cyberattack
HPE has disclosed a cyberattack that resulted in the compromise of its Aruba Central network monitoring platform. This allowed attackers to access the data repositories that contained information about monitored devices and their locations.

Over 3,500 organizations targeted
A hacker-for-hire group called Void Balaur has been stealing emails and confidential information for more than five years. The stolen data is sold by the threat actors for both financial and espionage goals. So far, the gang has targeted more than 3,500 organizations across all continents. The affected organizations are from the telecom, retail, financial, and healthcare sectors.

Telnyx affected by DDoS attack
Telnyx, a VoIP provider, was targeted with DDoS attacks, causing widespread outages. This caused all telephony services to fail or be delayed. The firm took immediate steps to mitigate the attacks.

Top Malware Reported in the Last 24 Hours

MasterFred malware
MasterFred is a newly discovered Android trojan that makes use of false login overlays to Netflix, Instagram, Twitter, and bank users. The ultimate goal of the trojan is to steal credit card information. The malware is currently being used against users in Poland and Turkey.

Mac malware updated
Researchers encountered new versions of OSX/Wizardupdate and OSX/Bundlore. Both the versions are being distributed via cracked software posing as Flash Player installers.

BotenaGo botnet
BotenaGo is a newly found botnet that has more than 30 different exploits to target routers and IoT devices. It is written in the Go language and is believed to be used by Mirai operators. The botnet is still under development.

Joker malware returns
Joker malware is being distributed via two malicious apps available on Google Play Store. These apps are ‘Smart TV remote’ and ‘Halloween Coloring’ and have been downloaded more than 1000 times.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable WP Reset PRO plugin
A critical security vulnerability in the WP Reset PRO WordPress plugin could be exploited to wipe out a website. An attacker can further exploit the flaw to upload malicious plugins or even install backdoors. The flaw has been addressed in version 5.99 of the plugin.

Zero-day flaw detected
A new zero-day vulnerability disclosed in Palo Alto Networks GlobalProtect VPN can be abused to execute arbitrary code on affected devices. The flaw is tracked as CVE-2021-3064 and has a CVSS score of 9.8. It affects versions earlier than PAN-OS 8.1.17. The security bug stems from a buffer overflow that occurs while parsing user-supplied input.

Google issues advisories
Google has issued advisories for 39 security flaws affecting Android OS as part of the November 2021 Android security bulletin. Eighteen of these flaws affect Framework and System components.


halloween coloring app
void balaur
wp reset pro wordpress plugin
masterfred malware

Posted on: November 11, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite