Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 3, 2024
In a concerning discovery, the building blocks of a powerful ransomware are up for sale, increasing the chances of the growth of more dangerous and sophisticated ransomware variants in the cyber threat landscape. A threat actor has released a builder tool and source code of Zeppelin2 ransomware on an underground forum.
On the active exploitation front, the CISA has updated its KEV catalog with two vulnerabilities, one affecting Google Chrome and one an Excel parsing library. Organizations and federal agencies are urged to apply the security patches. Meanwhile, Qualcomm has published a list of 26 vulnerabilities impacting its various products. One of these is a critical flaw that affects two dozen Qualcomm chipsets, including the Snapdragon 680 and Snapdragon 685 4G mobile platforms.
Orbit Chain loses $86 million
Orbit Chain lost $86 million in Ether, Dai, Tether, and USD Coin, following a security breach. Although the identity and origin of the attackers are yet to be determined, it is believed to be the work of state-sponsored attackers based out of North Korea. The blockchain platform is working with the Korean police authorities to track the stolen funds and has warned users to be wary of phishing sites pretending to be connected with their wallets.
Nearly one million impacted
According to a breach notification, Fallon Ambulance Services disclosed that around 911,757 individuals nationwide, including 20,486 Maine residents, were affected by a ransomware attack that occurred between February and April 2023. The exposed data includes names, driver’s license numbers, and non-driver identification numbers. The now-defunct ambulance service was a subsidiary of Transformative Healthcare.
Gallery Systems suffers an attack
Museum software solutions provider Gallery Systems is suffering an ongoing IT outage following a ransomware attack on December 28, 2023. The incident impacted 800 museums, including New York's Museum of Modern Art (MoMA), the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, and the Crystal Bridges Museum of American Art. The incident has also impacted the company's online public viewing platform, eMuseum, which museums and colleges commonly use to create searchable online collections. The firm has notified law enforcement authorities, is conducting an internal investigation, and is working to restore the impacted systems. No ransomware group has taken responsibility for the attack.
Data of 3.6 million users stolen
A threat actor under the moniker IntelBroker reportedly stole and leaked the personal information of 3.6 million users of Cross Switch, a leading online payment gateway management platform in Africa. This included details such as full names, email addresses, phone numbers, messages, banking information, and dates of birth of users.
Xerox confirms cyberattack
Xerox confirmed that its subsidiary XBS is dealing with a security incident that involves the theft of personal information. This comes days after a ransomware group named INC Ransom claimed responsibility for the attack. According to the company, the incident had no impact on XBS operations or on Xerox’s corporate systems, operations, and data.
Snappfood’s 3TB data stolen
A hacker group, identified as ‘irleaks’, claimed to have stolen more than 3TB of data associated with Snappfood, an online food delivery service in Iran. This includes 130 million records containing details of over 20 million customers, data from 180 million devices, data of 35,000 bikers, and records of 240,000 vendors. The company has acknowledged the breach and is actively working to identify the source.
Builder tool of Zeppelin ransomware on sale
A threat actor has put the source code and a cracked version of the Zeppelin2 ransomware builder tool for sale on an underground forum. The tool boasts various features such as file settings, ransom notes, IP logging, startup commands, task killers, and auto-unlocking busy files. The actor emphasized the ransomware’s ability to encrypt files effectively, making data recovery impossible without access to the unique private key held by them.
Qualcomm discloses 26 vulnerabilities
Qualcomm has listed a total of 26 vulnerabilities, including four critical vulnerabilities, as part of its January 2024 security bulletin. The most severe of these is described as a buffer overflow flaw (CVE-2023-33025) and has a CVSS score of 9.8. It can allow remote attacks via malicious voice calls over LTE networks. The flaw affects two dozen Qualcomm chipsets, including Snapdragon 680 and Snapdragon 685 4G mobile platforms.
CISA updates its KEV catalog
The CISA has added two flaws, CVE-2023-7024 and CVE-2023-7101, affecting Chrome and Spreadsheet::ParseExcel, respectively, to its KEV catalog, indicating their active exploitation in the wild. The flaw impacting Spreadsheet::ParseExcel is a remote code execution issue and affects versions of the library before 0.65. The flaw affecting the Chrome web browser is a heap buffer overflow in WebRTC.