
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 6, 2023

Threat actors have once again set their sights on the macOS platform through the new variant of the Dridex banking trojan. The malware authors deliver malicious documents—containing booby-trapped macros—via social engineering attacks. A trio of ransomware strains was also reported in the past 24 hours. IOCs of the three strains, dubbed Monti, BlackHunt, and Putin, have been detailed by FortiGuard Labs researchers.

Cross-Origin Resource Sharing (CORS) bugs have been addressed in Tesla’s IT infrastructure. CORS is a browser security mechanism. Anyone exploiting the bug could have harvested data from Tesla’s internal network.

Top Breaches Reported in the Last 24 Hours

Hundreds of U.S. counties offline

Hundreds of local governments got a taste of the pen-and-paper era after a third-party breach at Cott Systems, a digital records management vendor. It helps counties manage government data, including public records, court cases, and land records, while also processing marriage licenses and birth certificates.

Data breach at U.S. burger chain

Fast food restaurant chain Five Guys suffered a breach impacting the personal data of job applicants. Exposed information includes names, SSNs, and driver’s license numbers. No information was disclosed about whether the data was taken in a ransomware attack or pilfered from a mismanaged cloud storage instance.

Over a dozen U.K. schools impacted

Hackers appear to have leaked sensitive data from 14 schools in the U.K. The incident has impacted students' data such as SEN information reports, passport scans, and staff’s contract details and pay scales. It is alleged that the Vice Society ransomware group could be involved.

Top Malware Reported in the Last 24 Hours

Decryptor for MegaCortex out

Bitdefender released a decryptor for the MegaCortex ransomware family. The ransomware's operators, arrested in October 2021, were responsible for nearly 1,800 infections. Other entities that participated in developing the decryptor include Europol, the NoMoreRansom Project, the Zürich Public Prosecutor's Office, and the Zürich Cantonal Police.

Monti, BlackHunt, Putin ransomware

FortiGuard Labs disclosed the discovery of Monti, BlackHunt, and Putin ransomware. Monti ransomware is mainly designed to encrypt files on Linux systems; however, Monti variants also work on Windows. BlackHunt relies on vulnerable Remote Desktop Protocol (RDP) configurations, whereas Putin is typical ransomware that extorts money from victims.

Dridex sample macOS

A variant of the Dridex banking malware has surfaced to target macOS users. The malware now drops maldocs with embedded macros on users, although the documents do not pose as invoices or other business-related files. Dridex is infamous as an information stealer that harvests sensitive bank-related data from users.

Top Vulnerabilities Reported in the Last 24 Hours

Tesla addresses CORS misconfiguration

Electric car maker Tesla fixed Cross-Origin Resource Sharing (CORS) flaws that could let a hacker exfiltrate data from the carmaker’s internal network. CORS is a browser security mechanism that controls whether a script running on one origin may read responses from another. Truffle Security, which reported the bug, claimed that overly permissive configurations can invite cross-domain attacks.
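As an added illustration of the misconfiguration class described above (this is not Tesla's or Truffle Security's code, and the origins are hypothetical), a handler that reflects any request Origin is shown beside an allowlisted one, together with the check an audit would run against a server's response headers:

```javascript
// Added example, not from the original briefing. Origins are hypothetical.
// Runs under Node with no dependencies.

// Weak pattern: echo whatever Origin the request carries and also allow
// credentials. A page on any site can then read authenticated responses
// from this server with the victim's cookies attached.
function corsHeadersPermissive(requestOrigin) {
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened pattern: only exact, pre-approved origins are echoed back.
// Exact matching (a Set, not a regex or substring test) avoids the common
// prefix/suffix mistakes that let look-alike domains through.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.internal', // hypothetical internal front end
]);

function corsHeadersStrict(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // not on the allowlist: send no CORS headers, browser blocks the read
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // keep caches from serving one origin's ACAO to another
  };
}

// Audit check: send a request with an Origin you do not trust and inspect
// the reply. Reflecting that origin while allowing credentials is the
// exploitable combination; a bare '*' without credentials only exposes
// unauthenticated data and is not flagged here.
function isOverlyPermissive(probeOrigin, responseHeaders) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  const creds = responseHeaders['Access-Control-Allow-Credentials'] === 'true';
  return creds && acao === probeOrigin;
}

// Constructed probe origin for the audit.
const PROBE = 'https://untrusted.example';
```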
