
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 18, 2020

The cybersecurity landscape is full of surprises, especially when it comes to new malware and attack methods. Lately, researchers have deciphered a new SocGholish attack technique that helps cyber crooks impersonate software updates to trick users into executing malicious ZIP files. The impersonated software includes legitimate browsers, Flash, and Microsoft Teams.

There has also been a discovery of a new ransomware called CoderWare that is being distributed via fake Android and Windows installers for the Cyberpunk 2077 game. The ransomware uses the RC4 algorithm to encrypt files.

Top Breaches Reported in the Last 24 Hours

NSA warns about cloud attacks

The US National Security Agency has issued a security advisory warning about two techniques that are being used to move from compromised local networks into cloud-based infrastructure. The advisory comes on the heels of the massive SolarWinds supply chain hack that has hit several US government agencies and private firms.

250,000 customers’ data affected

An ethical power supplier has revealed that the details of its 250,000 customers have been exposed due to a security flaw in its IT system. The hackers exploited the flaw to steal data from the system.

Top Malware Reported in the Last 24 Hours

CoderWare ransomware

Cybercriminals have been distributing fake Android and Windows installers for the Cyberpunk 2077 game that install a ransomware called CoderWare onto victims’ devices. These installers are distributed as cracks for copyrighted software and as game cheats.

Fake TousAntiCovid app

An unknown threat actor is attempting to scam people using a fake version of the COVID contact-tracing app TousAntiCovid. The app is being used to distribute the Cerberus trojan.

Top Vulnerabilities Reported in the Last 24 Hours

Contact Form 7 flaw

A potential unrestricted file upload vulnerability in Contact Form 7 affects 5 million WordPress sites. Attackers can exploit the vulnerability to upload a file that can be executed as a script on the underlying server. The flaw has been addressed with the release of version 5.3.2 of the plugin.

Crypto authentication bypass

A severe authentication bypass vulnerability in Bouncy Castle can allow an attacker to gain access to user or administrator accounts due to a cryptographic weakness. The flaw is tracked as CVE-2020-28052 and exists in the OpenBSDBcrypt class of Bouncy Castle, which implements the bcrypt password hashing algorithm.

SocGholish attack

Researchers have uncovered a highly active attack framework called SocGholish that impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files. This iFrame technique helps attackers get around basic web filtering based on website categories, since the payloads are delivered from sites in legitimate categories.
