Cyware Daily Threat Intelligence

Daily Threat Briefing Dec 21, 2020

Here’s a major update on the much-talked-about SolarWinds supply chain attack. The latest research reveals the use of a new malware named CosmicGale, which was dropped by a .NET web shell called Supernova. The new discovery is the work of another threat group, not the one behind the attacks on FireEye, Microsoft, and government entities.

A Ghostwriter cyberespionage campaign that spanned over three years has also been observed by security experts. The campaign leverages compromised websites and spoofed email accounts to disseminate fabricated content.

Top Breaches Reported in the Last 24 Hours

Updates on SolarWinds attack

The latest updates on the SolarWinds supply chain attack reveal that a second threat group has exploited the software to plant a .NET web shell called Supernova and a malware named CosmicGale. The new revelation is in addition to the previously discovered backdoor malware named SUNBURST. Supernova enables adversaries to run arbitrary code on machines running the trojanized version of the software.

Ledger wallet affected

A threat actor has leaked the stolen email and mailing addresses of Ledger cryptocurrency wallet users for free on the hacker forum Raidforums. The attacker had breached the wallet by exploiting a vulnerability in the website that allowed threat actors to access customers’ contact details.

Symrise affected

The Clop ransomware gang has claimed responsibility for an attack on Symrise AG in which it stole 500 GB of unencrypted files. The gang has reportedly encrypted 1,000 of the firm’s devices.

Dozens of journalists impacted

At least 36 journalists, producers, and executives working for the Al Jazeera news agency were targeted with a so-called zero-click attack via Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.

Top Malware Reported in the Last 24 Hours

Ghostwriter campaign

Researchers have discovered a Ghostwriter campaign that spanned over three years. The campaign leverages compromised websites and spoofed email accounts to disseminate fabricated content. Legitimate news sites are also part of the campaign.

Top Vulnerabilities Reported in the Last 24 Hours

Facebook bug

A bug found on Facebook exposed the private data of Instagram users, including their email addresses and birth dates. The bug existed in Facebook’s Business Suite tool, which is available for Facebook business accounts. The issue was resolved quickly after it came to Facebook’s notice. The firm also confirmed that there was no evidence of abuse.
