
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 14, 2020

State-sponsored threat actors are always on the lookout for new ways to target sensitive networks. In one such instance, the Russian hacker group APT29 was allegedly found to have targeted the US Treasury and the Department of Commerce, along with firms such as Microsoft, FireEye, and AT&T, in a massive cyberespionage campaign. The hackers leveraged a backdoor in software provided by SolarWinds.

Meanwhile, researchers have discovered new malware threats targeting internet-connected databases. The first one, named PgMiner, is a botnet operation targeting PostgreSQL databases to install a cryptominer. The other threat, dubbed “PLEASE_READ_ME”, was found stealing data from MySQL servers and leaving behind ransom notes.

Top Breaches Reported in the Last 24 Hours

U.S. federal agencies breached

Russian state-linked hacker group APT29 allegedly targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies using a backdoor in SolarWinds software.

Habana Labs hit by ransomware

AI processor developer Habana Labs suffered an attack by the Pay2Key ransomware where data was stolen and leaked by the threat actors. The leaked data included business documents and source code images.

Hackers exploit Subway UK

Hackers have compromised a marketing system in Subway UK and used it to send out phishing emails to deliver TrickBot malware to its customers. The malicious emails included a link to a weaponized Excel document containing confirmation of an alleged order.

Top Malware Reported in the Last 24 Hours

PgMiner botnet campaign

Security researchers discovered a botnet operation dubbed PgMiner that targets PostgreSQL databases to install a cryptocurrency miner. The malware performs brute-force attacks against internet-accessible PostgreSQL databases.

Ransomware campaign targets MySQL

A new ransomware campaign dubbed “PLEASE_READ_ME” was found targeting MySQL servers through brute-force attacks. After breaching a database, the attackers run a sequence of queries in the database to gather and ultimately exfiltrate all the user data.
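Both the PgMiner and PLEASE_READ_ME campaigns above begin with password brute-forcing against internet-exposed database servers, so the earliest defender-side signal is a burst of failed logins from one client address in the database's own logs. The following is an added example, not code from the briefing or from the researchers it cites: it parses constructed PostgreSQL and MySQL failed-login lines (the PostgreSQL format assumes log_line_prefix = '%m [%p] %h ' so the client address is logged) and flags any address that exceeds a threshold of failures within a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines (not from the briefing). PostgreSQL lines assume
# log_line_prefix = '%m [%p] %h ' so the client address precedes the message.
SAMPLE_LOGS = [
    '2020-12-14 03:10:01.120 UTC [4121] 198.51.100.7 FATAL:  password authentication failed for user "postgres"',
    '2020-12-14 03:10:02.005 UTC [4122] 198.51.100.7 FATAL:  password authentication failed for user "postgres"',
    '2020-12-14 03:10:02.990 UTC [4123] 198.51.100.7 FATAL:  password authentication failed for user "admin"',
    '2020-12-14 03:10:03.410 UTC [4124] 198.51.100.7 FATAL:  password authentication failed for user "postgres"',
    '2020-12-14 03:12:30.000 UTC [4130] 203.0.113.5 FATAL:  password authentication failed for user "app"',
    "2020-12-14T03:11:00.000000Z 12 [Note] [MY-010926] [Server] Access denied for user 'root'@'198.51.100.9' (using password: YES)",
    "2020-12-14T03:11:01.000000Z 13 [Note] [MY-010926] [Server] Access denied for user 'root'@'198.51.100.9' (using password: YES)",
    "2020-12-14T03:11:02.000000Z 14 [Note] [MY-010926] [Server] Access denied for user 'mysql'@'198.51.100.9' (using password: YES)",
    "2020-12-14T03:11:03.000000Z 15 [Note] [MY-010926] [Server] Access denied for user 'root'@'198.51.100.9' (using password: YES)",
]

PATTERNS = {  # service -> (regex for a failed login, timestamp format)
    "postgresql": (re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\S* \w+ \[\d+\] (?P<ip>[\d.]+) '
                              r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"'),
                   "%Y-%m-%d %H:%M:%S"),
    "mysql": (re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\S* .*Access denied for user "
                         r"'(?P<user>[^']*)'@'(?P<ip>[\d.]+)'"),
              "%Y-%m-%dT%H:%M:%S"),
}

def parse_failure(line):
    # Returns (timestamp, service, ip, user) for a failed-login line, else None.
    for service, (rx, fmt) in PATTERNS.items():
        m = rx.match(line)
        if m:
            return datetime.strptime(m.group("ts"), fmt), service, m.group("ip"), m.group("user")
    return None

def detect_bruteforce(lines, threshold=4, window_seconds=60):
    """Flag (service, ip) pairs with >= threshold failed logins inside any window_seconds span."""
    events = defaultdict(list)
    for ts, service, ip, user in filter(None, map(parse_failure, lines)):
        events[(service, ip)].append((ts, user))
    alerts = []
    for (service, ip), evs in sorted(events.items()):
        evs.sort()  # log lines from several backends may be interleaved
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until evs[start..end] fits inside the window
            while evs[end][0] - evs[start][0] > timedelta(seconds=window_seconds):
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"service": service, "ip": ip, "total_failures": len(evs), "users": sorted({u for _, u in evs})})
                break
    return alerts
```

The same logic applies to any database that logs the client address on authentication failure; a single address cycling through several usernames, as the "users" field shows, is the typical brute-force signature.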

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Steam

Several critical security vulnerabilities (CVE-2020-6016 through CVE-2020-6019) in the Steam gaming platform could allow attackers to take over hundreds of thousands of vulnerable systems remotely.

Insecure communication in WinZip

Researchers found that unencrypted communications in WinZip 24 could allow attackers to use techniques like DNS poisoning to trick the application into fetching “update” files from malicious web servers instead of legitimate WinZip update hosts.

Top Scams Reported in the Last 24 Hours

Bitcoin scam ads

An investigation by The Guardian found unauthorized images of several celebrities that were used in bitcoin scam ads to target Australians as part of a highly organized global business that uses five addresses in the center of Moscow.
