Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 24, 2022
Cyberattacks against PLC systems, ICS devices, and OT networks are increasing in volume and variety, and researchers are now tracking the activities of three new cybercriminal outfits. Tracked as Kostovite, Petrovite, and Erythrite, these new groups are actively targeting organizations in the energy sector to gain direct access to the firms’ infrastructure, move laterally, and steal data.
A unique covert hacking tool used by the Equation Group threat actors has also been uncovered by security experts. Dubbed Bvp47, the malicious implant sports a two-way communication mechanism to exfiltrate sensitive data. Furthermore, in a major revelation, researchers have unearthed similarities between the Dridex trojan and a little-known ransomware called Entropy.
Top Breaches Reported in the Last 24 Hours
Asustor NAS devices hit
Owners of Asustor NAS devices were left without access to their devices owing to an attack by DeadBolt ransomware. The victims were asked to pay a ransom of 0.03 Bitcoin to receive the decryption key.
Top Malware Reported in the Last 24 Hours
25 malicious npm packages
Researchers detected around 25 malicious npm packages, 17 of which were designed to steal Discord tokens. If attackers got access to these tokens, they could use them to infiltrate a victim’s account and hijack Discord servers. The researchers also noted that many of the packages masqueraded as the colors.js npm package.
Update on Dridex trojan
In a new update, researchers have found similarities between the prominent Dridex trojan and the little-known Entropy ransomware. The similarities are in the software packer used to conceal the ransomware code, in the obfuscation commands, and in the subroutines used to decrypt encrypted text.
Top Vulnerabilities Reported in the Last 24 Hours
An unpatched flaw in Webmail
A nine-year-old unpatched security vulnerability in Horde Webmail could be abused to gain complete access to email accounts. This could give the attackers access to all sensitive information stored in the victim’s email account. This cross-site scripting flaw is triggered when a targeted user views an attached OpenOffice document in the browser.
Critical vulnerabilities in Extensis Portfolio
Several critical vulnerabilities, including a zero-day flaw, have been identified in Extensis Portfolio. Five of these flaws have received patches and are tracked as CVE-2022-2451, CVE-2022-24255, CVE-2022-24252, CVE-2022-24254, and CVE-2022-24253. The zero-day flaw is yet to be addressed by the vendor.
CISA warns about flaws in Zabbix tool
CISA has added two critical Zabbix flaws to its Known Exploited Vulnerabilities catalog. These flaws are tracked as CVE-2022-23131 and CVE-2022-23134. They can be exploited to bypass authentication and gain administrator privileges, which could in turn allow remote code execution.