
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 13, 2023

New ransomware alert! It's DarkBit this time. The group has claimed one of Israel's leading research universities as its victim and is demanding about $1.7 million in extortion. Researchers surmise that a state-backed actor, a disgruntled employee, or a pro-Palestinian activist could be behind the attack. Have you patched the GoAnywhere MFT zero-day yet? A notorious ransomware gang claims to have stolen data from over 130 organizations by exploiting this single vulnerability, which lets an attacker execute code remotely on unpatched systems.

In cybersecurity, things are often not what they appear to be. A flurry of DHL and MetaMask phishing emails was observed targeting numerous individuals. At first glance, the messages appeared to come from the domain registrar Namecheap.

Top Breaches Reported in the Last 24 Hours

California city crippled by ransomware

The City of Oakland, California, disclosed that it fell victim to a ransomware attack. Core functions such as 911, financial data, and fire and emergency resources were not affected. There is no confirmation yet of the attack's impact on the City's mobile devices, Office 365, NeoGov, OakWiFi, the City's website, and other services. Affected computers were taken offline from the City network to contain the attack.

Play ransomware hits A10 Networks

California-based A10 Networks, a networking hardware manufacturer, was targeted by the Play ransomware operators. The attackers accessed its IT infrastructure and compromised data related to its human resources, finance, and legal functions. The company stated that the incident did not affect any of its products or solutions, or any customer information.

Pepsi bottler blurts out sensitive data

Unknown attackers breached the network of Pepsi Bottling Ventures LLC and deployed information-stealing malware to harvest sensitive data from its IT systems. According to the firm, the affected data includes full names, addresses, financial information (such as passwords, PINs, and access numbers), SSNs, passport data, state and federal government-issued ID numbers, driver's license numbers, and more.

Top Malware Reported in the Last 24 Hours

DarkBit - New ransomware threat

A new ransomware group calling itself DarkBit has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. It has demanded 80 BTC (roughly $1,745,200) in exchange for the decryptor. The group portrays its activities as hacktivism, but security researchers concluded that its motives appear to be multi-faceted.

AsyncRAT uses Windows Help file

Experts at ASEC confirmed that APT campaigns are increasingly using Windows Help files (*.chm) to distribute AsyncRAT, an open-source RAT whose source code is publicly available on GitHub. Keylogging, a remote shell, and anti-VM checks are among its standard features. The strings it needs for its malicious behavior, such as the C2 address and port, are stored encrypted.

Top Vulnerabilities Reported in the Last 24 Hours

10 days, 130 victims

The Clop ransomware group claimed to have compromised more than 130 organizations by abusing a zero-day in Fortra's GoAnywhere MFT secure file transfer solution. The bug, tracked as CVE-2023-0669, is an RCE issue. The vendor issued a patch and urged organizations using the software to apply it immediately. The attackers, who did not share proof of their claim, said they pulled this off in just ten days.

Top Scams Reported in the Last 24 Hours

DHL and MetaMask phishing scam

Namecheap customers began receiving phishing emails last week designed to dupe them into disclosing personal data or the recovery phrases of their crypto wallets. The scammers impersonated DHL and MetaMask in their campaigns. Namecheap said that its own systems had not been compromised and that the upstream third-party system it uses to send emails was responsible for the campaign.
