Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 5, 2020

Maze ransomware operators are on an attacking spree. After paralyzing the systems of Cognizant, the gang has now attacked another business services firm, Conduent. The operators claimed to have breached the networks of the company in May 2020. To support their claim, they have posted 1 GB of stolen data - that includes various financial spreadsheets, customer audits, invoices, and commission statements - on their data leak site.

The past 24 hours also saw the discovery of a new ransomware called Tycoon. The ransomware has been designed to primarily target organizations in the education and software sectors. It is deployed in the form of a trojanized Java Runtime Environment (JRE) and is compiled in a Java image file to fly under the radar.

Top Breaches Reported in the Last 24 Hours

CPA Canada discloses data breach

The Chartered Professional Accountants of Canada (CPA) has fallen victim to a security breach that affected the personal information of over 329,000 members and other stakeholders. The compromised information includes both employer and employee names and addresses.

Conduent hit

Maze ransomware operators are claiming to have successfully attacked the business services giant, Conduent. As proof, the attackers have posted 1 GB of files on their leak site and stated that they breached the network in May 2020.

Top Malware Reported in the Last 24 Hours

Malicious apps

Two malicious barcode reader apps - Barcode Reader and QR&Barcode Scanner - were removed from the Google Play Store, following the detection of suspicious activities. These apps forced users to run ads every 15 minutes while running malicious activities in the background. This caused the phone screens to crash.

Tycoon ransomware

Security researchers have uncovered a new ransomware strain, Tycoon, that is deployed in the form of a trojanized Java Runtime Environment (JRE). It leverages an obscure Java image format to evade detection. The ransomware uses the AES-256 algorithm with a 16-byte long GCM authentication tag to encrypt files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable traffic light controller

Traffic light controllers made by SWARCO are affected by a critical vulnerability that could be exploited by hackers to disrupt a city’s traffic lights. The flaw, tracked as CVE-2020-12493, has a CVSS score of 10. The affected model is CPU LS4000. SWARCO patched the flaw soon after researchers made it aware of the issue.

Chrome 83.0.4103.97 released

Google has released Chrome 83.0.4103.97 for Windows, Mac, and Linux operating systems. This latest update addresses five security flaws, four of which are high-severity vulnerabilities. In addition, Google has also addressed two medium-severity vulnerabilities, tracked as CVE-2020-6497 and CVE-2020-6498, in Chrome 83.0.4103.88 for the iOS release.