Cyware Daily Threat Intelligence

Daily Threat Briefing Feb 11, 2022

Vicious tactics that helped the ModifiedElephant APT stay under the radar for over a decade have now been uncovered by researchers. The research reveals that the group is constantly evolving its spear-phishing tactics to drop keyloggers and a wide range of trojans, such as NetWire and DarkComet, on infected systems.

Meanwhile, the recent rise in ransomware attacks against critical infrastructure entities has prompted CISA, the FBI, and the NSA to release a joint advisory for organizations. Unfortunately, the threat remains a security concern, as a TV channel, a college, and a professional services provider came under attack in the last 24 hours.

Top Breaches Reported in the Last 24 Hours

Memorial Hermann Health attacked

The Memorial Hermann Health System is notifying patients about a cyberattack that impacted their PHI. According to the health system, the incident has affected the information of 6,260 patients. The affected information includes first names, last names, dates of birth, driver’s license numbers, and health insurance information of individuals.

Pop TV affected

A cyberattack disrupted the operations of Pop TV, Slovenia’s most popular TV channel. The attack took place on February 09, following which the employees were prevented from adding new content to the platform. The incident also impacted the servers of the company’s VOYO on-demand streaming platform.

Ransomware attack at California college

Data belonging to the Ohlone Community College District (OCCD) network in Fremont, California, has been compromised in a sophisticated cyberattack. This includes Social Security numbers, dates of birth, driver’s license numbers, medical information, and bank account details of individuals.

Data stolen from Optionis Group leaked

Data stolen from accounting conglomerate Optionis Group has surfaced on the dark web. Media reports suggest that the exposed data include spreadsheets for management accounts, timesheets for contractors, as well as letters associated with HM Revenue and Customs.

Top Malware Reported in the Last 24 Hours

ModifiedElephant APT pushes trojans

Detailing the tactics of the ModifiedElephant APT, researchers revealed that the attackers have relied on spear-phishing emails with malicious attachments for over a decade to launch cyberespionage campaigns. On multiple occasions, the attached documents included exploits for CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, and CVE-2015-1641. The emails were used to push keyloggers, remote access trojans such as NetWire and DarkComet, and even Android malware.

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes WebKit flaw

Apple has released iOS, iPadOS, and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposed Apple devices to remote code execution attacks. The flaw is described as a use-after-free memory corruption issue. This is the second actively exploited zero-day that has been fixed by Apple in the first two months of 2022.

Moxa issues patches

Moxa has issued patches for five vulnerabilities found in its MXview network management software. These vulnerabilities, which have a CVSS score of 10, can allow attackers to achieve remote code execution. The flaws are tracked as CVE-2021-38452, CVE-2021-38456, CVE-2021-38460, CVE-2021-38458, and CVE-2021-38454.
