
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 23, 2020

Researchers have dissected a lesser-known attack technique that formed part of the recently disclosed SolarWinds supply chain attack. Dubbed Golden SAML, the technique gives threat actors a way to maintain persistent access to all of an enterprise’s ADFS federated services.

Two cyberespionage campaigns associated with the notorious Lazarus threat actor gang have also been tracked by researchers. These attacks involved the use of wAgent malware.

In a major update, the recently discovered Pay2Key ransomware has been found to be the work of the Iranian-linked Fox Kitten hacking group.

Top Breaches Reported in the Last 24 Hours

iSofH affected

Vietnamese tech firm Innovative Solution for Healthcare (iSofH) has leaked 12 million records due to a misconfigured Elasticsearch database. The database was also struck by the infamous Meow attack. The records include information such as full names, dates of birth, email addresses, and passport details of roughly 80,000 patients and healthcare staff.

Lazarus’s attack campaign

Researchers have uncovered two attack campaigns linked to the notorious Lazarus group. The first one is an attack against a government health ministry on October 27, which resulted in the compromise of two Windows servers. The second one involves a pharmaceutical company that was breached on September 25. The malware used in these attacks was wAgent.

TennCare members hit

TennCare has announced a security breach impacting certain TennCare members. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of the issue.

Top Malware Reported in the Last 24 Hours

New updates on Pay2Key ransomware

Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware that was recently used against organizations in Israel and Brazil. The hacking group has been active since at least 2017 and is known for orchestrating and participating in cyber espionage and data theft campaigns. The group has also sold access to compromised corporate networks on underground forums.

Golden SAML attack vector

The recently disclosed SolarWinds campaign has drawn the attention of researchers to a dangerous Active Directory Federation Services (ADFS) bypass technique. Dubbed Golden SAML, the technique gives threat actors a way to maintain persistent access to all of an enterprise’s ADFS federated services.

Top Scams Reported in the Last 24 Hours

COVID-19 vaccine fraud scheme

The FBI is warning of ongoing COVID-19 vaccine phishing schemes that aim to steal personal information from users. Potential indicators of such fraudulent activity include offers of early access to a vaccine in exchange for advance payment, requests to pay out of pocket to receive a vaccine or to be added to a waiting list, and offers to ship doses of the vaccine in exchange for money transfers.

Facebook message scam

An ongoing Facebook message scam is luring users into parting with their funds. The message appears to come from a person known to the user and asks for financial help.
