
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 12, 2021

Another day, another update on the devastating SolarWinds supply chain attack. After the discovery of Sunburst and SuperNova, researchers have unearthed another malware strain named Sunspot that was used to gain initial access to SolarWinds’s internal network.

A wave of attacks that involves the use of three RATs—Remcos, njRAT, and AsyncRAT—has also come to the notice of researchers. Dubbed Operation Spalax, the campaign is active in Colombia.

Amid all these new threats, here’s some good news from the cybersecurity space. A decryptor for DarkSide ransomware, which has generated millions of dollars for its operators, is now available for free.

Top Breaches Reported in the Last 24 Hours

Ubiquiti suffers a breach

Ubiquiti is informing its customers about a security breach caused by unauthorized access to some of its systems. The company says the attackers gained access to databases but is not sure whether user data was exposed in the incident. The potentially exposed information includes names, email addresses, phone numbers, home addresses, and one-way encrypted (hashed) passwords.

Socialarks affected

Chinese social media firm Socialarks has suffered a data leak that exposed over 400GB of personal data through an unsecured Elasticsearch database. The exposed data includes information on several high-profile celebrities and social media influencers.

Top Malware Reported in the Last 24 Hours

Sunspot malware

Researchers have uncovered a third malware strain, dubbed Sunspot, involved in the recent SolarWinds hack. The malware was deployed in September 2019, when hackers first breached SolarWinds’s internal network.

Free decryptor for DarkSide ransomware

A free decryptor for the DarkSide ransomware will allow victims to recover their files without paying a ransom. The ransomware has been active since August 2020 and has generated millions of dollars for its operators.

Operation Spalax

A campaign dubbed Operation Spalax is using a trio of remote access trojans to steal confidential information from Colombian companies. Active since the second half of 2020, the campaign begins its infection process with a phishing email. The three RATs are Remcos, njRAT, and AsyncRAT.

OSAMiner variant

A new variant of OSAMiner is targeting macOS users to mine cryptocurrency. The variant uses three run-only (compiled, non-readable) AppleScript files to deploy the mining process on an infected macOS machine.

Top Vulnerabilities Reported in the Last 24 Hours

Typeform patches a flaw

Typeform has patched an information hijacking vulnerability that could have let attackers quietly redirect form submissions containing potentially sensitive data. The flaw arose from a design issue in the app.

GitLab addresses several flaws

GitLab has issued security patches for several vulnerabilities, including one that could let attackers steal a user’s API access token through GitLab Pages. Two of the other flaws relate to insufficient authentication and denial-of-service.
