
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 9, 2023

Cybercriminals preying on cybercriminals. What’s happening? A recent malware campaign was found using malicious OpenBullet configuration files to target budding cybercriminals. The campaign distributes Python-based Patent RAT via Telegram, which can steal a variety of data, including crypto wallets. In another headline, an unpatched bug in Microsoft's Visual Studio Code can allow malicious extensions to pilfer authentication tokens stored in Windows, Linux, and macOS credential managers, claimed a research group. However, Microsoft engineers don’t think it can lead to any potential damage.

Meanwhile, the Black Hat conference saw the disclosure of the ‘Downfall’ vulnerability, which affects several generations of Intel x86 processors dating back to 2014. “The vulnerability is ideally suited for theft of encryption keys and passwords,” claimed a researcher.

Top Breaches Reported in the Last 24 Hours

LockBit threatens to leak medical data

After claiming to have hacked healthcare company Varian Medical Systems, the LockBit group is threatening to leak the stolen medical data of cancer patients. The ransomware group alleges that it has exfiltrated patient data and all databases and is prepared to publish the information on a leak site if a ransom payment is not made by August 17.

U.K. voter data spilled

The U.K. Electoral Commission was the victim of a year-long cyberattack that impacted the data of approximately 40 million voters. The breach was initially detected in October 2022, with evidence indicating that unauthorized access was gained in August 2021. The compromised data included personal information such as names, email addresses, home addresses, contact telephone numbers, and the content of webforms and emails.

Top Malware Reported in the Last 24 Hours

Patent RAT exploits OpenBullet configs

Experienced cybercriminals are taking on script kiddies in a new malware campaign through malicious OpenBullet configuration files. Malicious configurations are shared on platforms like Telegram to deliver a Rust-based dropper and a Python-based RAT named Patent. This RAT, operating via Telegram, can steal sensitive information, including passwords, cookies, and cryptocurrency wallet data. Adversaries have made a profit in crypto worth $1,703.15 over the past two months.

QakBot operators set up new C2 servers

The operators behind QakBot appear to have established 15 new C2 servers as of late June, according to cybersecurity firm Team Cymru. The bot C2 servers are primarily located in India and the U.S., while destination IP addresses for outbound T2 connections are in the U.S., India, Mexico, and Venezuela. The recent decrease in the number of existing C2s communicating with the T2 layer is attributed to the null-routing of higher-tier infrastructure and a decline in U.S. activity.

Top Vulnerabilities Reported in the Last 24 Hours

VS Code flaw exposes authentication tokens

Researchers from Cycode have identified a security flaw in Microsoft's VS Code editor and development environment that could allow malicious extensions to access authentication tokens stored in the Windows, Linux, and macOS credential managers. These tokens are used for integrating with third-party services and APIs, making them valuable targets for attackers.

‘Downfall’ vulnerability in Intel CPUs

At the Black Hat cybersecurity conference, experts disclosed details about a security issue in several generations of Intel x86 processors, dating back to at least 2014. The vulnerability, dubbed Downfall, allows an attacker running one application to steal sensitive data, including encryption keys and passwords, from another application due to the shared use of a "register buffer" used to store data for high-speed parallel processing. The flaw challenges the basic principles of computer security by allowing unauthorized data access between applications.

Microsoft addresses 74 security flaws

Microsoft's August Patch Tuesday release fixed a total of 74 security issues, including two zero-days that were being actively exploited. Among the vulnerabilities, 23 are classified as allowing remote code execution (RCE). Of the 74 issues, six are categorized as 'Critical' and 67 as 'Important.' Additionally, three Microsoft Message Queuing Remote Code Execution vulnerabilities were among the most severe patched issues.
