Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 2, 2021
Ransomware gangs are getting faster at encrypting networks, which makes them harder for defenders to stop. Now, it has come to light that the RansomExx and Babuk Locker ransomware gangs are exploiting vulnerabilities in VMware ESXi to take over virtual machines deployed in enterprise environments.
Meanwhile, the return of the TrickBot trojan has raised concerns among security researchers. The newly discovered variant comes with a new component, called masrv, that lets threat actors perform local network reconnaissance. Additionally, Linux supercomputers are at risk of attack as the new Kobalos backdoor emerges.
Top Breaches Reported in the Last 24 Hours
Unsecured Azure blob
An unsecured Microsoft Azure blob was found leaking images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Investigations revealed that the leak originated from the Confédération Européenne de Volleyball (CEV), the European Volleyball Confederation. The storage bucket was accessible for over a month before it was secured in January.
Data breach at SAO
The Washington State Auditor's Office has suffered a data breach that exposed personal information contained in 1.6 million employment claims. Threat actors exploited a vulnerability in a file transfer service from Accellion to access the data.
Ransomware gangs exploit vulnerabilities
Reports reveal that the Babuk Locker and RansomExx ransomware gangs are exploiting vulnerabilities in VMware ESXi to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives. The flaws are tracked as CVE-2019-5544 and CVE-2020-3992.
DriveSure suffers data leak
The data of 3.2 million DriveSure clients was posted on the RaidForums hacking forum late last month. The exposed information included names, addresses, phone numbers, email addresses, IP addresses, car makers, car service records, dealership records, and car models.
Top Malware Reported in the Last 24 Hours
TrickBot gains a reconnaissance component
Researchers have spotted a new component of the TrickBot malware that performs local network reconnaissance. Named masrv, the component enables threat actors to send a series of Masscan commands that scan the local network ahead of further infection.
Kobalos backdoor
A malware backdoor named Kobalos has been attacking Linux supercomputers, as well as several privately held servers in North America, Europe, and Asia. It grants remote access to the file system, provides the ability to spawn terminal sessions, and allows proxying connections to other Kobalos-infected servers.
Top Vulnerabilities Reported in the Last 24 Hours
Apple fixes NAT Slipstreaming flaw
Apple has released security updates to address multiple vulnerabilities in macOS and Safari. These include a fix for the recently disclosed flaw (CVE-2021-1799) that can be exploited for the NAT SlipStreaming 2.0 attack.
Top Scams Reported in the Last 24 Hours
Fake PPP loan phishing
Threat actors are sending phishing emails impersonating the Small Business Administration to lure U.S. business owners with fake Paycheck Protection Program (PPP) loans. The phishing messages appear to be from the President of World Trade Finance and include a link to a Microsoft Forms survey camouflaged as a PPP registration form. The ultimate purpose is to steal the personal information of business owners.