Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 10, 2020
Top Breaches Reported in the Last 24 Hours
EMA breached
The European Medicines Agency (EMA) was targeted in a cyberattack in which documents associated with vaccine development were accessed. Pfizer and BioNTech stated that the personal details of trial participants were not stolen and that the attack would not have any adverse effect on the timeline.
SQL databases on sale
More than 85,000 SQL databases are on sale on a dark web forum for a price of $550 per database. The listings are part of a database ransom scheme that has been running since at least the beginning of 2020. While the scheme was initially hosted on sqldb[.]to and dbrestore[.]to, it has since expanded and the portal is currently hosted on an Onion address.
Top Malware Reported in the Last 24 Hours
APT28 propagating Zebrocy malware
APT28, a Russia-linked cyberespionage group, has been observed leveraging COVID-19 phishing lures to distribute the Go version of its Zebrocy malware. The lure was delivered inside a Virtual Hard Disk (VHD) file, a format that can be opened natively only by Windows 10 users.
MoleRATs burrowing into Facebook
An Arabic-speaking hacking group, known as MoleRATs, has been found abusing mainstream tech services, such as Dropbox and Facebook, to spy on Middle East government officials. The campaign was conducted against officials in Egypt, Palestine, Turkey, and the UAE.
SideWinder APT launched spy campaign
The SideWinder APT group launched a phishing campaign against government and military targets mainly located in Nepal and Afghanistan. The targets include the Nepali Ministries of Defense and Foreign Affairs, the Nepali Army, the Afghanistan National Security Council, the Sri Lankan Ministry of Defense, and the Presidential Palace in Afghanistan, among others.
Qbot becomes stealthier
A new Qbot malware strain has switched to a stealthier persistence mechanism that takes advantage of system shutdown and resume messages to establish persistence. The mechanism is activated right after the infected system is switched off, and any traces are removed once the system wakes up or restarts.
Web skimmer plays hide and seek
Web skimmers, also known as Magecart scripts, have long been hidden in unusual locations, such as site logos, favicons, and live chat windows, to evade detection. The latest hiding place to be discovered is inside CSS files.
Top Vulnerabilities Reported in the Last 24 Hours
Go crash an online game
Bugs in Valve’s Steam server could allow threat actors to crash games remotely and even take control of affected third-party game servers. The four flaws—CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020-6019—are found in Steam Sockets prior to v1.2.0. The company has released patches.
Kernel-level exploits developed
A researcher developed kernel-level exploits for old bugs in Windows in an attempt to demonstrate the threats posed by overlooked vulnerabilities in software. The vulnerabilities exist in all versions of Windows, ranging from Windows 10 back to Windows 7 from 2009. These privilege escalation bugs allow the complete takeover of vulnerable systems.
RCE bug in Schneider product
Cisco Talos detected two RCE bugs—CVE-2020-7559 and CVE-2020-7560—in Schneider Electric EcoStruxure. These bugs could be abused by sending the target a specially designed network request or project archive.