
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 3, 2020

The notorious Valak information stealer has been sighted in a massive cyberespionage campaign targeting enterprises in North America, South America, and Europe. Researchers have observed that the campaign is targeting organizations in the energy, healthcare, manufacturing, transportation, finance, and insurance sectors.

A new ransomware named ‘Try2Cry’ was also uncovered in the last 24 hours. The ransomware includes worm-like capabilities and uses the Rijndael algorithm to encrypt files. It then appends the .Try2Cry extension to the encrypted files.

Top Breaches Reported in the Last 24 Hours

Dating apps leak data

Unsecured databases traced to five dating apps used in the U.S. and East Asia have leaked millions of customer records. The affected apps are CatholicSingles, Yestiki, SPYKX, Blurry, Charin, and Kyuun. The compromised information includes email addresses, passwords, user IDs, and mobile device information.

Light S.A. affected

Sodinokibi operators have demanded a ransom of $14 million from Brazil-based electrical energy company Light S.A. The company has admitted to the attack. Further details on the impact are yet to be revealed.

V Shred data leak

A misconfigured AWS S3 bucket belonging to V Shred leaked the personal information of over 99,000 customers and trainers. The exposed data included names, email addresses, dates of birth, social media account details, and some Social Security numbers. However, V Shred denied the exposure of PII.

Trinity Metro hit

The NetWalker gang claimed responsibility for an attack on Trinity Metro by leaking some sensitive information stolen from the firm. The exposed data included content from “Accounting and HR Shared,” “Daily Operations Documents,” “Planning Documents,” and “Security.”

BMW customer data on sale

A database containing records of over 300,000 BMW car owners is being offered for sale on a dark web forum. The details include full names, email addresses, vehicle numbers, and dealer names, among others.

Top Malware Reported in the Last 24 Hours

Valak info-stealer returns

Researchers have detected the return of the Valak information stealer in an ongoing campaign targeting enterprises in North America, South America, and Europe. A common feature of these attacks is the use of password-protected ZIP files as attachments, which increases the likelihood of bypassing detection systems.

New Try2Cry ransomware

A new ransomware strain dubbed Try2Cry, believed to be a variant of the Stupid ransomware family, has been found. The ransomware includes worm-like capabilities and uses the Rijndael algorithm to encrypt files. It then appends the .Try2Cry extension to the encrypted files.

LoLBins abused

Attackers can abuse LoLBins (Living-off-the-Land Binaries) to install malware and bypass security controls, such as UAC or WDAC, on Windows systems. Typically, the attack involves fileless malware and reputable cloud services.

Top Vulnerabilities Reported in the Last 24 Hours

BIG-IP vulnerabilities

Two vulnerabilities, including one with a CVSS score of 10, have been patched in the F5 BIG-IP application delivery controller. The one with a score of 10 is tracked as CVE-2020-5902 and is a remote code execution vulnerability in the Traffic Management User Interface (TMUI).

Vulnerability in PDFium

The PDF renderer inside Google Chrome, known as PDFium, is affected by a memory corruption vulnerability. Tracked as CVE-2020-6458, it can allow attackers to achieve arbitrary code execution inside the browser. It affects version 80.0.3987.158 of Google Chrome.
