Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 16, 2024

The most awaited patch of the week is here: Palo Alto Networks addressed the critical zero-day affecting versions of its PAN-OS firewall software, which had been exploited in limited attacks. Meanwhile, the Ukrainian group Blackjack targeted Moscow's infrastructure using Fuxnet malware, allegedly disrupting sensors and databases. New findings suggest that a hacker group may have used the leaked LockBit 3.0 builder to develop a self-propagating variant, targeting organizations in West Africa. The attackers are posing as system administrators.

The security of thousands of households is jeopardized by flawed smart locks. According to cyber experts, a critical vulnerability in Chirp Systems' smart lock was allegedly patched after CISA intervened. The flawed software allowed remote unlocking via hard-coded credentials.

Top Malware Reported in the Last 24 Hours

Fuxnet malware strikes Moscow

The Blackjack hacker group reportedly unleashed the destructive Fuxnet malware against one of Moscow's internet providers and military infrastructure, damaging emergency detection and response systems. The malware aimed to disable 87,000 sensors and control systems. Fuxnet was deployed to lock devices, erase filesystems, disable services, and rewrite flash memory, rendering the devices inoperable. Its final objective was to disrupt sensors by flooding serial channels.

LockBit ransomware strikes again

A recent cyber incident in West Africa reignited concerns over LockBit ransomware's potency. Cybercriminals used a customized version of LockBit with self-propagation capabilities, and leveraged stolen admin credentials to breach corporate networks. The widespread use of the SessionGopher script for password extraction highlights the evolving tactics. The LockBit 3.0 builder was leaked in 2022, and adversaries continue to leverage it to build modified strains.

Top Vulnerabilities Reported in the Last 24 Hours

Palo Alto resolves zero-day

Palo Alto Networks fixed the critical vulnerability in PAN-OS firewall software versions 10.2, 11.0, and 11.1, which had been exploited in a limited number of attacks. The hotfix releases (10.2.9-h1, 11.0.4-h1, and 11.1.2-h3) resolved the issue. The flaw has been under attack since March 26, enabling attackers, potentially state-sponsored, to install backdoors for persistent control over affected devices. Despite having no prior threat associations, the attackers, identified as UTA0218, remain linked to the ongoing malicious activity.

Smart locks vulnerable to remote unlocking

Chirp Systems' smart locks face a grave security flaw that allows remote unlocking by exploiting hardcoded passwords and private keys in their Android app. The vulnerability, flagged three years ago by Amazon Web Services engineer Matt Brown, grants unauthorized access to locks controlled by Chirp's software, potentially affecting over 50,000 households. Experts expect it to be silently patched after it came to CISA's notice last month.