Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 4, 2024
New ransomware strains joined the cyber landscape: SEXi and Red CryptoApp. The former targeted a Chilean data center and hosting provider and demanded a hefty ransom, while the latter has its eye on multiple sectors in the U.S. Furthermore, researchers found Pikabot escalating its cyber warfare with a series of sophisticated campaigns targeting systems globally.
Progress Software has urgently issued patches for a critical vulnerability in its Flowmon network monitoring and security solution, rated with a CVSS score of 10. Along similar lines, Google addressed another Chrome zero-day vulnerability exploited at Pwn2Own 2024, where Palo Alto Networks researchers demonstrated it to achieve heap corruption.
Attackers launch “wall of shame”
Netenrich researchers have identified a new ransomware group called Red CryptoApp, employing a unique tactic of publicly shaming victims on a "wall of shame" to coerce ransom payments. While the origins of operators are still unclear, experts underlined similarities with the Maze ransomware group. The ransomware targets various industries globally, with a primary focus on the U.S.
New ransomware resembles IcedID
Researchers uncovered a new malware named Latrodectus, initially observed in late November 2023. The malware saw increased usage in email threat campaigns throughout February and March 2024. Though it bears a resemblance to IcedID, Latrodectus has been confirmed as a distinct malware. It is primarily utilized by initial access brokers to download payloads and execute arbitrary commands. Its distribution was attributed to threat actors TA577 and TA578.
New SEXi ransomware claims victim
A new ransomware group dubbed SEXi targeted Chilean data center and hosting provider IxMetro PowerHost. The attack crippled the company's VMware ESXi servers and backups, leaving customers' websites and services inaccessible. The threat actors demanded an exorbitant ransom of two bitcoins per victim, totaling approximately $140 million. The ransomware was identified by its .SEXi extension.
Pikabot unleashes new campaign
Recent Pikabot activity shows its adaptive tactics: the malware is delivered through various file types, including HTML, JavaScript, and Excel, to evade security defenses. Leveraging carefully crafted email spam campaigns, Pikabot targets victims with geographically tailored lures. Its multifaceted approach exploits both software vulnerabilities and user trust, exemplifying the evolving landscape of cyber threats.
Critical flaw found in network monitoring solution
Progress Software issued patches for a high-severity vulnerability (CVE-2024-2389) in its Flowmon network monitoring and security solution. The flaw allowed unauthenticated attackers to execute arbitrary system commands via the platform’s web interface. Attackers could potentially exfiltrate sensitive network configuration details, posing additional threats. The vulnerability affects Flowmon versions 11.x and 12.x.
Whitehat hackers uncover Chrome zero-day
Google fixed a zero-day vulnerability, tracked as CVE-2024-3159, in its Chrome browser that was exploited during the Pwn2Own hacking competition last month. Researchers from Palo Alto Networks discovered that the flaw allowed for out-of-bounds memory access in the V8 JavaScript engine, potentially leading to data disclosure or crashes. The update also addresses other high-severity issues reported by security researchers.