Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 4, 2024

New ransomware strains joined the cyber landscape: SEXi and Red CryptoApp. The former targeted a Chilean data center and hosting provider and demanded a hefty ransom, while the latter has its eye on multiple sectors in the U.S. Furthermore, researchers found Pikabot escalating its cyber warfare with a series of sophisticated campaigns targeting systems globally.

Progress Software has urgently issued patches for a critical vulnerability, rated with a CVSS score of 10, in its Flowmon network monitoring and security solution. Along similar lines, Google addressed another Chrome zero-day vulnerability exploited at Pwn2Own 2024. Palo Alto Networks researchers demonstrated its use for heap corruption.

Top Malware Reported in the Last 24 Hours

Attackers launch “wall of shame”

Netenrich researchers have identified a new ransomware group called Red CryptoApp, employing a unique tactic of publicly shaming victims on a "wall of shame" to coerce ransom payments. While the origins of the operators are still unclear, experts underlined similarities with the Maze ransomware group. The ransomware targets various industries globally, with a primary focus on the U.S.

New malware resembles IcedID

Researchers uncovered a new malware named Latrodectus, initially observed in late November 2023. The malware saw increased usage in email threat campaigns throughout February and March 2024. Though it bears a resemblance to IcedID, Latrodectus has been confirmed as a distinct malware. It is primarily utilized by initial access brokers to download payloads and execute arbitrary commands. Its distribution was attributed to threat actors TA577 and TA578.

New SEXi ransomware claims victim

A new ransomware group dubbed SEXi targeted Chilean data center and hosting provider IxMetro PowerHost. The attack crippled the company's VMware ESXi servers and backups, leaving customers' websites and services inaccessible. The threat actors demanded an exorbitant ransom of two bitcoins per victim, totaling approximately $140 million. The ransomware was identified by its .SEXi extension.

Pikabot unleashes new campaign

Recent activities of Pikabot have unveiled its adaptive tactics, utilizing various file types like HTML, JavaScript, and Excel to breach security defenses. Leveraging meticulously crafted email spam campaigns, Pikabot strategically targets victims through geographically tailored lures. Its multifaceted approach exploits vulnerabilities and user trust, exemplifying the evolving landscape of cyber threats.

Top Vulnerabilities Reported in the Last 24 Hours

Critical flaw found in network monitoring solution

Progress Software issued patches for a high-severity vulnerability (CVE-2024-2389) in its Flowmon network monitoring and security solution. The flaw allowed unauthenticated attackers to execute arbitrary system commands via the platform’s web interface. Attackers could potentially exfiltrate sensitive network configuration details, posing additional threats. The vulnerability affects Flowmon versions 11.x and 12.x.

Whitehat hackers uncover Chrome zero-day

Google fixed a zero-day vulnerability, tracked as CVE-2024-3159, in its Chrome browser that was exploited during the Pwn2Own hacking competition last month. Researchers from Palo Alto Networks discovered that the flaw allowed for out-of-bounds memory access in the V8 JavaScript engine, potentially leading to data disclosure or crashes. The update also addresses other high-severity issues reported by security researchers.
