
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 19, 2022

Fake websites that disguise malware delivery campaigns are among the top tactics of cyber adversaries. A hacker group was found running malicious campaigns to infect potential victims with DarkTortilla. For now, they are luring users via spam email or online ads. In another headline from the weekend, we have a security update from the Samba Team, which addressed security holes across multiple versions of the free SMB protocol implementation. Attackers abusing these flaws could find a way to take control of the impacted systems.

It’s alive and kicking! The Glupteba botnet malware—that Google disrupted in 2021—is still prevalent. Recent reports suggest that it has been hiding its C&C domains on the Bitcoin blockchain. It took them about six months to launch a new campaign.

Top Breaches Reported in the Last 24 Hours

Australia’s fire and rescue service targeted

Cybercriminals knocked the website of Fire Rescue Victoria (FRV), Australia, offline, affecting most of its systems, such as network, emails, and dispatch infrastructure. The nature of the attack is unclear but it is suspected to be a ransomware attack. FRV operates 85 fire and rescue stations across the state; it has urged the community to call Triple Zero (000) as usual.

BlackCat cripples energy firm

Colombian energy company Empresas Públicas de Medellín (EPM), which provides services to 123 municipalities, appears to have fallen victim to a BlackCat/ALPHV ransomware attack. The group allegedly pilfered different types of data, including corporate data, as per security experts.

Major breach at SevenRooms

After stolen data surfaced on a hacking forum, SevenRooms, a restaurant customer management platform, confirmed that hackers had intruded into its network. On the forum, the attackers claimed to have extracted 427 GB of data comprising thousands of files. The company has stated that credit card or bank account data, SSNs, or any other highly sensitive information was not exposed.

Cyberattack hits top insurance firm

New Zealand’s largest insurer of medical and non-medical professionals, Medical Assurance Society, warned individuals of the possibility of personal data leaks. However, it hasn’t confirmed the compromise of any data. The breach originally occurred at one of its third-party service providers.

Top Malware Reported in the Last 24 Hours

Phishing campaign drops DarkTortilla

Security analysts at Cyble observed two phishing sites imitating Grammarly and Cisco to distribute the DarkTortilla malware. The malware is capable of delivering additional RAT and stealer payloads, such as AgentTesla, AsyncRAT, NanoCore, and others, to an infected system. The complex .NET-based malware has been operating since 2015.

Glupteba botnet is alive

Experts at Nozomi Networks announced that they spotted an ongoing Glupteba botnet campaign, starting June 2022. Just a year ago, Google had claimed to dismantle the botnet’s infrastructure. Glupteba operators used the Bitcoin blockchain for hiding C&C domains, making it resilient to takedown efforts. It took cybercriminals roughly six months to build a new campaign.

Top Vulnerabilities Reported in the Last 24 Hours

Multiple bugs in Samba

Samba, a free software re-implementation of the SMB networking protocol, rolled out updates to patch vulnerabilities that could be abused to take control of affected systems. The program runs on most Unix-like systems. Samba has patched the CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141 vulnerabilities with the current round of updates.
