
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 24, 2023

Researchers would like to bring everyone’s attention to a highly evasive cyberattack campaign involving the PureCrypter downloader. The campaign delivers a wide range of malware, including AgentTesla, Eternity, Redline Stealer, Blackmoon, and Philadelphia Ransomware. Meanwhile, a new remote access tool, named Atharvan, has come to light in a cyberattack operation against materials research companies. Symantec experts have not been able to determine who is behind the attack or on whose behalf the hackers are acting.

What else? Security analysts warned organizations using Zoho ManageEngine products to patch a highly severe bug tracked as CVE-2022-47966. The attacks are ongoing in Australia, Canada, Italy, Nigeria, Mexico, the Netherlands, the U.K., Ukraine, and the U.S.

Top Breaches Reported in the Last 24 Hours

Third-party breach affects The Good Guys

My Rewards, a third-party supplier of Australian electrical & home appliances retailer The Good Guys, suffered a data breach that affected the PII of customers of the latter. The exposed data include names, email addresses, and phone numbers. The victim firm said its IT systems were not impacted by the attack.

Mental health records leaked

The Los Angeles school district confirmed that highly sensitive mental health records of approximately 2,000 students have been uploaded to the dark web. The city’s school district experienced a potential ransomware attack last year, an investigation by The 74 revealed. Besides PII, the leak included students’ detailed medical histories, academic performance, and disciplinary records.

Canada's second-largest telecom investigating breach

Canadian telecom TELUS has uncovered a data exposure incident after a cybercriminal posted samples of stolen employee data online. The data shared by the hacker allegedly contains private source code repositories and payroll records. As the firm continues to look into the matter, it has not yet found any evidence of corporate or retail customer data being affected in the incident.

Top Malware Reported in the Last 24 Hours

Using PureCrypter against Government

Security researchers at Menlo Labs laid bare an attack campaign featuring the PureCrypter downloader to target government entities. The evasive threat campaign is disseminated via Discord by an unidentified threat actor. The attack campaign leverages the domain of a compromised non-profit organization as a C2 channel to deliver its secondary payload.

Atharvan RAT by Clasiopa

A hacker group, dubbed Clasiopa by the analysts at Broadcom company Symantec, is reportedly launching attacks against organizations in the materials research sector. The group boasts a unique toolset, including the custom Atharvan backdoor. Criminals have also used modified versions of the publicly available Lilith RAT and the Thumbsender hacking tool in this attack.

Top Vulnerabilities Reported in the Last 24 Hours

Need to fix Zoho vulnerability, warn experts

Several cybercrime groups are still attempting to abuse a now-patched critical security flaw in Zoho ManageEngine products. The flaw in question is CVE-2022-47966, an RCE bug that allows a hacker to fully take over vulnerable systems. Note that the flaw affects as many as 24 different Zoho products, including Access Manager Plus, ADManager Plus, Remote Access Plus, ADSelfService Plus, Password Manager Pro, and Remote Monitoring and Management (RMM).

RCE issue in Chrome browser

Google addressed a critical RCE vulnerability affecting its Chrome web browser. The use-after-free security hole impacts the Google Chrome component identified as Prompts. By exploiting the bug, adversaries could install malware on a victim’s system simply by tricking them into visiting a malicious site. This round of updates patched six high-severity bugs, one of which was about a year old.
