
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 6, 2024

A new remote access trojan (RAT) named SharpRhino has surfaced. It reaches victims through a typosquatting domain that masquerades as the download site for the legitimate Angry IP Scanner tool, so the target installs it believing it is the genuine utility.

On the dark web, a previously unknown ransomware named CryptoKat is being advertised. Its seller claims AES-based encryption, silent operation that triggers no Windows pop-ups, and a payload that is fully undetectable (FUD) on Windows 11.

Google warned of a high-severity flaw in the Android kernel, tracked as CVE-2024-36971, that is under active exploitation and can lead to remote code execution.

Top Malware Reported in the Last 24 Hours

SharpRhino - new RAT identified

Researchers identified a new RAT named SharpRhino while responding to a ransomware incident. The Hunters International group used it to gain remote access to devices and to progress the attack. SharpRhino is written in C# and is delivered through a typosquatting domain impersonating Angry IP Scanner, a legitimate network scanning tool, so that the victim installs the malware believing it is the real utility. Once running, it obtains elevated privileges on the host so that the later stages of the intrusion can proceed with minimal disruption.

DPRK hackers exploit bug, spread malware

South Korea's National Cyber Security Center (NCSC) warned that state-backed North Korean hackers are abusing weaknesses in VPN software update mechanisms to deploy malware and breach networks. The NCSC ties the activity to a nationwide industrial modernization project announced by North Korean leader Kim Jong-un, which explains the focus on construction-sector targets. Two groups, Kimsuky and Andariel, are identified as carrying out the attacks. They used trojanized software to steal sensitive data from South Korean organizations, including construction companies and government institutions.

New CryptoKat ransomware

A new ransomware called CryptoKat is being advertised on the dark web. Its seller claims AES-based encryption, fast encryption speed, unique executable files, silent operation without Windows pop-ups, and a payload that is fully undetectable (FUD) on Windows 11. The advertisement also states that the decryption key is never stored on the victim's machine; as with most competently built ransomware, that leaves no offline recovery path and pushes victims toward paying the ransom in hopes of recovering their data. Until samples have been analyzed, treat the feature list as vendor marketing rather than confirmed capability.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches new Android Kernel bug

Google has patched a high-severity flaw in the Android kernel, tracked as CVE-2024-36971, which it says is under limited, targeted exploitation. The bug is a use-after-free in the Linux kernel's network routing code and can lead to remote code execution. Google has not shared details of the attacks that exploit it; Pixel devices may also be affected. The August bulletin addresses 47 flaws in total, including privilege escalation and denial-of-service issues, and Google is working with OEM partners to apply the fixes where applicable.

Second critical Apache OFBiz 0-day

SonicWall researchers discovered a critical pre-authentication remote code execution vulnerability in Apache OFBiz, tracked as CVE-2024-38856 with a CVSS score of 9.8. It is the second major OFBiz flaw in recent months; the first was disclosed in December 2023. Versions up to and including 18.12.14 are affected, and users should upgrade to 18.12.15 or later. The root cause lies in the override view functionality: the controller applies its authentication check to the first segment of the request URI, so a request that names an endpoint which does not require login (such as forgotPassword, showDateTime or TestService) passes the check, while the view named in the override segment that follows is rendered without a check of its own. That lets an unauthenticated attacker reach views that should require login and, from there, execute code on the server.
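The request shape described above is easy to hunt for in web server logs. The following is an added example written for this page, not code from the briefing, from SonicWall or from the Apache OFBiz project. It assumes the OFBiz control-servlet path layout /<webapp>/control/<requestUri>/<overrideView>, treats the three endpoints named above as the unauthenticated first segment to watch for, and runs over constructed Common Log Format lines; the view name "ProtectedView" in those lines is a placeholder, not a real OFBiz view.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Endpoints the advisory names as reachable without login. In the
# CVE-2024-38856 pattern the attacker puts one of these in the first URI
# segment so the authorization check passes, then names a protected view in
# the override segment that follows it.
UNAUTH_ENDPOINTS = {"forgotPassword", "showDateTime", "TestService"}

# Assumed OFBiz path layout: /<webapp>/control/<requestUri>[/<overrideView>]
PATH_RE = re.compile(
    r"^/(?P<webapp>[^/?]+)/control/(?P<request>[^/?]+)(?:/(?P<override>[^/?]+))?"
)

# Common Log Format record; only the fields the detection needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log lines for this example (not from a real incident).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Aug/2024:10:01:12 +0000] "GET /webtools/control/main HTTP/1.1" 302 0
10.0.0.7 - - [05/Aug/2024:10:02:40 +0000] "GET /webtools/control/forgotPassword HTTP/1.1" 200 4123
203.0.113.9 - - [05/Aug/2024:10:03:01 +0000] "POST /webtools/control/forgotPassword/ProtectedView HTTP/1.1" 200 911
203.0.113.9 - - [05/Aug/2024:10:03:05 +0000] "GET /webtools/control/showDateTime/ProtectedView?x=1 HTTP/1.1" 200 780
10.0.0.8 - - [05/Aug/2024:10:04:00 +0000] "GET /webtools/control/main/ProtectedView HTTP/1.1" 200 500
"""


def classify_path(path: str) -> Optional[dict]:
    """Split a request path into webapp / requestUri / overrideView, or None."""
    # Decode once before matching so percent-encoded slashes are not missed;
    # for detection a false positive here is cheaper than a miss.
    m = PATH_RE.match(unquote(path))
    return m.groupdict() if m else None


def is_override_bypass(path: str) -> bool:
    """True when an unauthenticated endpoint carries an override-view segment."""
    parts = classify_path(path)
    return bool(parts and parts["override"] and parts["request"] in UNAUTH_ENDPOINTS)


def is_vulnerable_version(version: str) -> bool:
    """Affected releases are 18.12.14 and older; 18.12.15 carries the fix."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts <= (18, 12, 14)


def scan_log(text: str) -> list:
    """Return one record per log line whose path matches the bypass shape."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_override_bypass(m["path"]):
            continue
        parts = classify_path(m["path"])
        hits.append({
            "ip": m["ip"],
            "method": m["method"],
            "status": m["status"],
            "endpoint": parts["request"],
            "override": parts["override"],
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("18.12.14 vulnerable:", is_vulnerable_version("18.12.14"))
    print("18.12.15 vulnerable:", is_vulnerable_version("18.12.15"))
```

Only the two requests from 203.0.113.9 are flagged: an override view on an endpoint that already requires login (the /main/ProtectedView line) is normal authenticated use, and a bare /forgotPassword request is the legitimate password-reset page. A 200 response on a flagged line is the stronger signal, since on a patched 18.12.15 instance the override view should no longer be served without a session.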
