Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 8, 2020
Continuing its series of recent high-profile attacks, the Maze ransomware has now targeted the aerospace sector with its latest victim being the Texas-based VT San Antonio Aerospace. The hackers claimed to have stolen 1.5 TB of sensitive data from the firm and demanded a hefty ransom to avoid exposure of that data.
Turning to new threats, researchers published a proof-of-concept exploit for the SMBGhost vulnerability affecting Windows 10 systems. The exploit can perform remote code execution on vulnerable systems. Meanwhile, a critical flaw was also patched in the Indian government’s Digilocker app that could have allowed miscreants to bypass the one-time password requirement to access users’ sensitive documents.
Top Breaches Reported in the Last 24 Hours
Maze ransomware targets aerospace
The Texas-based aerospace company, VT San Antonio Aerospace (VT SAA), was targeted by the Maze ransomware gang. Following the incident, the attackers claimed to have stolen 1.5 TB of sensitive data from the company’s network.
Korean hackers break into ZEE5
A group of hackers identifying themselves as "John Wick" and "Korean Hackers" claimed to have hacked into the systems of the Indian video streaming giant, ZEE5. The attackers claimed to have stolen 150 GB of sensitive data and threatened to sell it on the underground markets.
Top Malware Reported in the Last 24 Hours
Kupidon ransomware
Researchers from MalwareHunterTeam discovered a new ransomware called Kupidon. The ransomware targets both corporate networks and the personal devices of individuals. It drops different ransom notes depending on the target and, after encryption, appends the “.kupidon” extension to the victims’ file names.
Tekya ad fraud app
Check Point researchers found a new variant of the Tekya Android ad fraud malware family. The new variant was being distributed by masquerading as five legitimate-looking apps on the Google Play Store. It is designed to target up to 11 different advertising networks, including Admob, Facebook, and Unity. Following the discovery, Google removed the five apps from the store.
Top Vulnerabilities Reported in the Last 24 Hours
Windows 10 SMBGhost bug
Security researchers released a proof-of-concept exploit for the infamous Windows vulnerability, SMBGhost, which is tracked as CVE-2020-0796. The new exploit can perform remote code execution on vulnerable Windows 10 systems. SMBGhost affects Windows 10 versions 1909 and 1903, including Server Core.
Digilocker
Digilocker, an app by the Indian government for securely storing personal documents, was found to have a critical flaw that could have allowed attackers to bypass mobile one-time passwords (OTP) and access the sensitive documents of any user. The flaw was fixed by the government on May 28 with the release of the latest version of the app.