
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 5, 2023

It seems we may have come across one of the fastest ransomware strains ever observed. Named Rorschach, it encrypts files in four minutes and 30 seconds on average, according to a controlled study. The previous record belonged to LockBit 3.0, which took about seven minutes. Google has also released Chrome 112. For us, the highlight of the release is the 16 security issues the company patched. The bugs range from heap buffer overflows to out-of-bounds accesses and insufficient policy enforcement.

Separately, an affiliate of the BlackCat/ALPHV ransomware group was observed gaining initial access through publicly exposed Veritas Backup Exec installations. Security experts found over 8,500 installations susceptible to attack.

Top Breaches Reported in the Last 24 Hours

Unprotected database risks sensitive data

Online gaming marketplace Z2U inadvertently exposed 600,000 highly sensitive customer records owing to a misconfigured database. The storage blob contained data such as credit card images, ID documents, and other confidential information. Further investigation disclosed that Z2U users have also been selling potentially compromised accounts worldwide.

Florida healthcare provider suffers attack

The computer network of Tallahassee Memorial HealthCare, Florida, was compromised between January 26 and February 2, 2023, and certain files were accessed on its systems. The compromised information includes patients' personal, medical, and treatment-related data. The hospital said that no financial account or payment card information was compromised during the attack.

Top Malware Reported in the Last 24 Hours

Arid Viper upgrades toolset

Cyberespionage group Arid Viper was observed using updated versions of its custom backdoors, Micropsia and Arid Gopher, in a new attack campaign. It compromises targets to steal credentials and other critical data. Experts at Symantec noted that the attackers have gone to greater lengths to achieve persistence on targeted networks.

Rilide targets crypto exchange users

Security analysts at Trustwave SpiderLabs disclosed a new malware, dubbed Rilide, that can steal cryptocurrency by abusing multiple Chromium-based browsers, such as Google Chrome, Opera, Microsoft Edge, and Brave. It reportedly arrives disguised as a legitimate Google Drive extension.

Typhon Reborn version 2

The developers of Typhon Reborn, an information-stealing malware, have launched an upgraded version (V2), Cisco Talos revealed. This version has enhanced anti-analysis and anti-virtual-machine features, making it harder to detect and analyze. Researchers have already identified multiple instances of the malware in the wild. The criminals use the Telegram API to exfiltrate stolen data to their C2.

Rorschach may have Babuk connections

A new ransomware strain, named Rorschach, was unveiled by Check Point Research. The ransomware boasts an advanced level of customization and fast encryption, which sets it apart from other strains. Furthermore, an in-depth examination of Rorschach's source code indicates similarities with the Babuk ransomware family. Its attacks have been reported in Asia, Europe, and the Middle East.

Top Vulnerabilities Reported in the Last 24 Hours

Android patches critical bugs

The April 2023 Android security bulletin from Google is out. It fixes a total of 26 vulnerabilities in the Framework and System components. Of the 16 issues addressed in System, two, tracked as CVE-2023-21085 and CVE-2023-21096, were critical-severity Remote Code Execution (RCE) bugs. These issues could lead to RCE with no additional interaction required from users.

Critical bug impacts LaserJet printers

HP released a security bulletin stating that a critical flaw affecting its business-grade printers may take up to 90 days to patch. The flaw, tracked as CVE-2023-1707, affects roughly 50 models of HP Enterprise LaserJet and HP LaserJet Managed Printers. An attacker could abuse the bug to access sensitive information in transit between the affected HP printers and other devices on the same network.

Bugs in Veritas Backup software

UNC4466, tracked as an affiliate of ALPHV/BlackCat ransomware, was observed abusing three vulnerabilities in the Veritas Backup Exec product. The high-severity flaws targeted by the group are CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878. Despite a fix released in 2021, many endpoints remain vulnerable today.

Google Chrome 112 updates

The Google Chrome 112 update addresses 16 vulnerabilities affecting Windows, Mac, and Linux systems, 14 of which were reported by external researchers. One of the most severe is a heap buffer overflow in Visuals, tracked as CVE-2023-1810. Three low-severity flaws, also reported by external researchers, concerned the WebShare, Navigation, and FedCM components.