
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 21, 2023

‘EvilExtractor’ is a name that gives the game away: nothing noble can be associated with it, least of all an education tool. A security research group recently took the wraps off this info-stealer, which poses as an education tool, after it was used in an email phishing campaign on March 30. It also ships with anti-VM functions and environment-checking capabilities. Competitive gamers face cyber risk too: a new scam has hit the space that specifically targets Fortnite fans. Hackers have compromised over a dozen sub-domains belonging to prominent U.S. universities, including Stanford, Berkeley, and MIT.

That’s not all. Researchers disclosed a couple of vulnerabilities impacting Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. The bugs could enable unauthorized access to carry out a supply chain attack on both Alibaba database services.

Top Breaches Reported in the Last 24 Hours

Capita confirms leak

The recent Capita breach may have exposed customer, supplier, and colleague data, and more. Just a few days ago, the Black Basta ransomware group dumped the data stolen from the London-based professional outsourcing firm on its extortion portal on the dark web. The data shared by the criminals includes personal bank account information, passport scans, physical addresses, and other confidential data.

Data exposed by American Bar Association

The American Bar Association (ABA) fell victim to an intrusion that exposed older credentials for 1,466,000 members. It is suspected that adversaries may have gained access to login credentials for a legacy member system. Security experts stated that it wasn’t a ransomware attack and that no personal or corporate data is at risk.

Indian bank averts breach

A misconfiguration in the systems of India's ICICI Bank was found to be exposing millions of records containing sensitive employee and customer data. The exposed data includes account details, bank statements, full names, dates of birth, house addresses, phone numbers, credit card numbers, email addresses, personal identification documents, and employees’ and candidates’ CVs.

Top Malware Reported in the Last 24 Hours

Info-stealer disguised as educational tool

FortiGuard Labs exposed EvilExtractor, an attack tool developed to target Windows systems and extract data and files from devices. While the firm that created it claimed it is an educational tool, research revealed that it was being actively used as an info-stealer. Typically, it masquerades as a legitimate file, such as a Dropbox file or an Adobe PDF document, but upon execution it carries out its malicious actions using PowerShell.

Top Vulnerabilities Reported in the Last 24 Hours

Database bug in Alibaba’s system

Security analysts at Wiz disclosed a chain of two critical flaws, dubbed BrokenSesame, in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. The flaws could be abused to break through tenant isolation protections and access sensitive customer data via RCE attacks on the database services. Researchers have found no evidence of the flaws being exploited in the wild.

Cisco fixes multiple vulnerabilities

Cisco released critical patches for bugs affecting its Industrial Network Director (IND) and Modeling Labs solutions. It addressed a critical-severity bug, CVE-2023-20036, in the IND web interface, which an attacker could exploit remotely to execute commands on targeted systems. The other bug, CVE-2023-20154, is present in Modeling Labs. High-severity flaws in StarOS software and the BroadWorks network server also received patches.

Top Scams Reported in the Last 24 Hours

Redirect users, steal credentials

Scammers have been spotted abusing Linktree, the social-media link landing page service, to direct victims to credential harvesting pages. They create free Linktree accounts and use them to host malicious URLs that prompt users for their credentials. In this scam, end users receive an email containing a rogue notification prompting them to open an attached Microsoft OneDrive or SharePoint file.

Fortnite and gift card spam

Threat actors compromised the wiki and documentation pages of well-known universities, including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, and Caltech, which were found serving Fortnite spam. The cybercriminals lured visitors to the compromised sites by offering free gift cards, Fortnite V-Bucks, and cheats, among other digital goods.
