Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 28, 2020
Microsoft-owned GitHub, one of the most popular code hosting platforms, is often abused by cyberattackers to host malicious code. In one such incident, researchers found a new strain of malware that downloads a PowerShell script from GitHub. Linked to the MuddyWater APT group, the attack's ultimate purpose is to execute a Cobalt Strike payload on Windows systems.
In other news, Google Project Zero has unveiled a Windows zero-day vulnerability that arises due to a previously patched flaw affecting Internet Explorer. The new flaw is related to a privilege escalation issue in splwow64.exe.
Moreover, a new zero-day flaw was identified to be a part of the well-organized SolarWinds supply chain attack, which enabled attackers to deploy the Supernova malware.
Top Breaches Reported in the Last 24 Hours
The Hospital Group targeted
Manchester-based The Hospital Group has suffered a massive ransomware attack carried out by REvil hackers. The hackers have stolen 600 GB of personal and financial data belonging to customers. They have, furthermore, threatened to leak the data in phases, starting with plastic surgery-related photos of patients. The group also plans to leak financial documents displaying contact and personal details of patients.
Neopets leaks data
Several pieces of sensitive information belonging to the Neopets website are being offered for sale on an online forum. The exposed data includes credentials needed to access company databases, employee emails, and even repositories containing the proprietary code for the site.
Koei Tecmo affected
Japanese game developer Koei Tecmo has disclosed a data breach after its stolen data was posted on a hacker forum. Following the breach, the firm has taken down its European and American websites.
Top Malware Reported in the Last 24 Hours
GitHub used to download malware
A new strain of malware, tied to the MuddyWater threat actor group, is using Word files with macros to download a PowerShell script from GitHub. The PowerShell script further downloads a legitimate image file from Imgur to execute the Cobalt Strike script on Windows systems.
Top Vulnerabilities Reported in the Last 24 Hours
A flaw in the fix
Google Project Zero has disclosed a Windows zero-day vulnerability that arises due to an improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability can be abused by changing the exploitation method for CVE-2020-0986. The flaw is likely to be patched in January 2021.
A new zero-day flaw exploited
In addition to the discovery of the new malware strain Supernova, a new zero-day vulnerability tracked as CVE-2020-10148 has come to the notice of researchers investigating SolarWinds' supply chain attack. Identified as an authentication bypass flaw, it can allow a remote attacker to execute API commands. The flaw has now been patched by SolarWinds.