Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Jun 12, 2020

After Grubman Shire Meiselas & Sack, another well-known law firm - Threadstone Advisors - has been hit by ransomware. Attacked by the Maze ransomware operators, the company saw the loss of sensitive data and documents. The advisory firm works for high-profile clients, such as Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.

Meanwhile, the City of Alabama paid a ransom of $300,000 in bitcoin to recover from a ransomware attack that occurred in early June. On the other hand, the City of Knoxville became the latest city to be attacked by ransomware operators. The attack took place between June 10 and June 11, 2020.

Top Breaches Reported in the Last 24 Hours

The city of Alabama pays a ransom

The City of Alabama has paid a ransom of $300,000 in bitcoin to recover from a ransomware attack that occurred on June 5, 2020. The attack was carried out by DoppelPaymer ransomware operators.

TAIT breached

TAIT has disclosed a data breach that affected the personal and financial information of some of its employees. The breach occurred after an unauthorized party gained access to one of the company’s servers and the email accounts of several TAIT employees.

Genworth suffers a breach

Insurance firm, Genworth, has suffered a data breach after attackers used compromised login credentials to gain insurance agents’ online accounts. The breached information includes names, addresses, birth dates, financial information, and social security numbers of employees.

The city of Knoxville attacked

The City of Knoxville has shut down its IT network following a ransomware attack. The attack took place between June 10 and June 11, when the ransomware encrypted multiple systems.

Maze ransomware attacks

Maze ransomware operators have exfiltrated sensitive data from Threadstone Advisors before encrypting it. The advisory firm works for high-profile clients, such as Charles S. Cohen, Pittsburgh Brewing Co., Harrys of London, and Xcel Brands.

Top Malware Reported in the Last 24 Hours

ActionSpy malware

A newly discovered ActionSpy malware has been found targeting Android users in Tibet, Turkey, and Taiwan. The campaign is stirred by Earth Empusa, the threat actor group known for using watering hole attacks. The malware is distributed via phishing web pages, which appear to have been copied from Uyghur-related news sites.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Mitsubishi controllers

A serious denial-of-service vulnerability affecting some Mitsubishi Electric automation controllers can allow hackers to disrupt the production process in industrial organizations. The vulnerability affects Mitsubishi’s MELSEC iQ-R series CPU modules, including R00, R04 and R08, and the RJ71EN71 Ethernet interface module. The vendor has released updates to address the flaw.

Vulnerable FB Messenger

Security researchers have disclosed details about a vulnerability discovered in Messenger version 460.16. The flaw could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system. Facebook has released an updated version of Messenger to address the flaw.

Related Threat Briefings