
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 15, 2020

Threat actors keep expanding their toolsets with new malware. Researchers have uncovered a new trojan named PyMicropsia, related to the Micropsia malware family, another AridViper tool known for targeting Microsoft Windows. Two new backdoors, dubbed SharpStage and DropBook, associated with the Molerats threat actor group have also been unearthed during a recent investigation of phishing attacks against targets in the Middle East.

In the past 24 hours, security experts have also taken note of a major phishing campaign aimed at stealing employees' Microsoft Office 365 credentials. The attack leveraged hundreds of compromised, legitimate email accounts belonging to different organizations.

Top Breaches Reported in the Last 24 Hours

Details of 1.9 million members leaked

A huge trove of data belonging to 1.9 million members of the Chinese Communist Party was offered for free on a Russian hacking forum. The exposed records included names, ethnicity, organizations, phone numbers, education, and addresses of the members. The data was leaked in a 293 MB CSV file.

Hurtigruten hit

Norwegian cruise company Hurtigruten has been hit by a ransomware attack. Though the extent of data loss is unknown, the company said that it alerted the relevant authorities when the attack was detected.

Automation Personnel Services leaks data

A 440 GB archive that belongs to the US-based staffing firm Automation Personnel Services was leaked on a hacking forum. The archive included company data and sensitive documents related to the Automation Personnel Services users, partners, and employees.

Top Malware Reported in the Last 24 Hours

PyMicropsia trojan

A new information-stealing trojan called PyMicropsia that targets Microsoft Windows has been found in the wild. This Python-based malware is capable of taking screenshots, keylogging, collecting information from USB drives, and stealing credentials. It is related to the Micropsia malware family, another AridViper tool known for targeting Microsoft Windows.

Two new backdoors

The Molerats threat actor group has been found using two new backdoors, named SharpStage and DropBook, alongside the previously documented MoleNet malware in its recent operations. The attack starts with an email luring political figures and government officials in the Middle East into downloading malicious documents.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches several flaws

Apple has released security patches for several vulnerabilities affecting iOS and iPadOS. The most serious of these flaws could allow an attacker to execute arbitrary code on iPhones and iPads via a maliciously crafted font file. Several of the remaining flaws are memory corruption issues.

Critical Golang flaws

Go's XML parser (the encoding/xml package) has three vulnerabilities that can be exploited to bypass Security Assertion Markup Language (SAML) authentication. The flaws are tracked as CVE-2020-29509, CVE-2020-29510, and CVE-2020-29511. As of now, the Go security team has stated that no patch is available for these vulnerabilities.

Cisco re-patches 3 flaws

Cisco has re-patched three Jabber vulnerabilities that first received patches in September. The three vulnerabilities in question are CVE-2020-26085, CVE-2020-27132, and CVE-2020-27127. The latest patches close injection points that could still be used to exploit the vulnerabilities after the original fixes.

Top Scams Reported in the Last 24 Hours

Microsoft Office phishing attack

Researchers have warned of a coordinated phishing attack that targeted numerous enterprises last week. The attackers leveraged hundreds of compromised, legitimate email accounts to target organizations. Victims were lured with an email impersonating eFax. The message read: “Tip: Switch to an annual plan – it’s like getting 2 months free every year! Call (800)958-2983 or email help@mail.efax[.]com.” The ultimate purpose of the attack was to steal employees’ Office 365 credentials.

Stimulus payments scam

The IRS and a coalition of state tax agencies are warning individuals about stimulus payment scams that lure unsuspecting recipients into sharing their personal financial information. The message promises the recipient a $1,200 stimulus payment.
