Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 26, 2023
A new malware targeting macOS systems has emerged in the threat landscape. Tracked as Realst, the info-stealer has 14 variants so far, categorized by the evasion tactics they use. Notably, the attackers already have malware variants prepared to target Apple’s forthcoming macOS 14 Sonoma release.
The BlackCat ransomware group’s extortion tactics got a new upgrade with additional API calls as the attackers attempt to put more pressure on victims. The move aims to make the data leak site easily available to a large audience, thus amplifying their ransom demands. A case of organizations failing to patch vulnerabilities in time has also surfaced in the last 24 hours: over 900,000 MikroTik RouterOS devices are still vulnerable to an arbitrary code execution issue despite an update having been released in October 2022.
Third-party data breach reported
A third-party data breach at Ortivus affected the operations of several U.K. NHS ambulance organizations. A statement from Ortivus says that electronic patient records are currently unavailable and, until further notice, need to be handled manually. No patients have been directly affected by the incident.
New Realst info stealer
A new malware, dubbed Realst, targeting macOS systems has emerged in the threat landscape. It is distributed via websites hosting fake blockchain games for Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, and SaintLegend. It is capable of emptying crypto wallets and stealing stored passwords and browser data. So far, there are 16 distinct variants of Realst; they are fairly similar to each other but use different sets of API calls.
Decoy Dog malware evolves
The Decoy Dog RAT has evolved to use DNS for command-and-control activity, enabling attackers to move victims to different controllers and maintain prolonged persistence on compromised machines. The malware has also expanded its reach, with at least three different actors now operating it.
New strategy adopted by BlackCat
In a new extortion strategy aimed at increasing the visibility of its attacks, the BlackCat ransomware group added a new API that fetches and updates information about new victims. This move follows the gang’s failed attempt to engage Estée Lauder in ransom negotiations.
Flaws patched in MSMQ service
Fortinet published details on three critical- and high-severity vulnerabilities that were patched recently in the Microsoft Message Queuing (MSMQ) service. Two of these flaws are tracked as CVE-2023-21554 and CVE-2023-28302, and can lead to remote code execution and DoS attacks respectively. Meanwhile, no CVE identifier has been provided for the third bug.
Over 900,000 MikroTik devices impacted
Over 900,000 devices remain vulnerable to an arbitrary code execution flaw in MikroTik RouterOS. Tracked as CVE-2023-30799, the issue impacts RouterOS versions before 6.49.7 and RouterOS long-term versions through 6.48.6. An attacker can abuse the flaw to escalate privileges from admin to super-admin on the Winbox or HTTP interface. The flaw has been addressed with the release of stable version 6.49.7.
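The affected version ranges stated above translate directly into an inventory check. The following is an added example, not code from the briefing or from MikroTik; it assumes a constructed inventory of (device name, RouterOS version string, release channel) tuples and implements only the ranges the briefing gives.

```python
import re

# Ranges as stated in the briefing for CVE-2023-30799 (added example, not vendor code).
STABLE_FIXED = (6, 49, 7)              # stable: versions before 6.49.7 are affected
LONG_TERM_LAST_AFFECTED = (6, 48, 6)   # long-term: versions through 6.48.6 are affected

# Constructed sample inventory: (device name, RouterOS version, release channel).
INVENTORY = [
    ("edge-router-01", "6.49.7", "stable"),
    ("edge-router-02", "6.49.6", "stable"),
    ("branch-rtr-03", "6.48.6", "long-term"),
    ("branch-rtr-04", "6.48.7", "long-term"),
    ("lab-rtr-05", "6.49rc2", "stable"),
]


def parse_version(version: str) -> tuple:
    """Turn 'X.Y.Z' into a comparable tuple; a release-candidate suffix such as
    '6.49rc2' is treated as 6.49.0, which sorts below the 6.49.7 fix."""
    match = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not match:
        raise ValueError(f"unparseable RouterOS version: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def is_affected(version: str, channel: str) -> bool:
    """True when the version lies inside the affected range for its channel.
    Versions outside the stated ranges are reported as not affected; confirm
    those against the vendor advisory rather than this check."""
    parsed = parse_version(version)
    if channel == "stable":
        return parsed < STABLE_FIXED
    if channel == "long-term":
        return parsed <= LONG_TERM_LAST_AFFECTED
    raise ValueError(f"unknown release channel: {channel!r}")


def affected_devices(inventory) -> list:
    """Return the names of inventory entries that still need the 6.49.7 update."""
    return [name for name, version, channel in inventory if is_affected(version, channel)]


if __name__ == "__main__":
    for name in affected_devices(INVENTORY):
        print(f"{name}: affected by CVE-2023-30799, update required")
```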