Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 4, 2022
Believe it or not, cybercriminals have begun feasting on the ongoing Russia-Ukraine conflict to become crypto-rich. Researchers have come across specially crafted phishing campaigns, built around sanctions and humanitarian aid themes, that are doing the rounds on the internet. These emails either prompt users to share the details of their cryptocurrency wallets or ask them to make payments to a private wallet. While it is no surprise that threat actors always look for opportunities to exploit current events like this, organizations must bolster their defenses to ensure a timely response in case of an attack.
In other news, CISA has again highlighted the importance of applying security patches as it added a whopping 95 new flaws to its catalog of known exploited vulnerabilities. These include multiple flaws affecting Cisco routers, Windows systems, and Adobe Flash Player.
Top Breaches Reported in the Last 24 Hours
Update on the attack on NVIDIA
In a new update, Lapsus$ ransomware attackers have shared NVIDIA’s DLSS source code on their website. Additionally, the credentials of more than 71,000 employees have been leaked online. The data breach at the U.S. chipmaker occurred last month.
Mon Health targeted again
Monongalia Health System (Mon Health) is notifying its patients, employees, and partners of a cyberattack that affected their data. The attack against the healthcare services provider was discovered on December 18, 2021. Among the data affected were names, addresses, birth dates, health insurance information, and medical record numbers of individuals. However, the attackers could not access the organization’s electronic health record systems.
NY OAG warns T-Mobile users
The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach after some of the stolen information ended up for sale on the dark web. This increases the risk of identity theft.
Top Vulnerabilities Reported in the Last 24 Hours
Flawed GitLab instances patched
Researchers have disclosed details of a now-patched security vulnerability in GitLab that could potentially allow attackers to recover user information. Tracked as CVE-2021-4191, the flaw affects several versions of GitLab Community Edition and Enterprise Edition. The CVSS score of the flaw is 5.3. It has been patched with the release of versions 14.8.7, 14.7.4, and 14.6.5.
Cisco issues new patches
Cisco has shipped a new round of patches for security vulnerabilities affecting Expressway Series and TelePresence Video Communication Server (VCS) products. The flaws are tracked as CVE-2022-20754 and CVE-2022-20755. They are related to an arbitrary file execution flaw and a command injection flaw in the API and web-based management interfaces of the two products, respectively.
CISA adds 95 highly-exploited flaws
CISA has added a total of 95 new security vulnerabilities to its catalog of known exploited vulnerabilities. This includes flaws affecting Cisco routers, Windows systems, and Adobe Flash Player. It has urged organizations and individuals to patch the flaws to prevent attacks.
Top Scams Reported in the Last 24 Hours
Cryptocurrency-related phishing attacks
Scammers are weaponizing the Russia-Ukraine conflict to target users in well-crafted phishing campaigns. The phishing emails use different subject lines to dupe victims into sharing their crypto wallet credentials or making payments in the form of cryptocurrency. In one of the campaigns, emails spoofing the login page of the popular German Bitcoin marketplace bitcoin.de targeted employees at European financial service providers. In another campaign, the email spoofed the Ukraine Red Cross Society to lure recipients into making cryptocurrency donations to a private wallet.