
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 15, 2023

Exposed Kubernetes clusters are under attack by cryptojackers, but this particular campaign is unusual. For the first time, criminals have attempted to mine the Dero currency, and they go about it differently: rather than moving laterally or scanning the internet for more hosts, the attackers deploy a DaemonSet that mines Dero while disguised under common Kubernetes log names. Moving on, Microsoft has addressed dozens of vulnerabilities affecting Windows users. It has flagged two vulnerabilities that attackers are exploiting in the wild; one of them is used to drop the Magniber payload on compromised systems.

Know why SAP products make good targets for threat actors? Because they are widely used by large enterprises worldwide. The ERP giant has issued updates for 19 security holes, including two 9.9-rated bugs, in its monthly release.

Top Breaches Reported in the Last 24 Hours

Ring (Amazon) suffered ransomware attack

BlackCat (aka ALPHV) ransomware actors claimed a successful intrusion at Amazon-owned home security company Ring. Malware research organization VX-underground disclosed the news, quoting the gang: “There's always the option to let us leak your data.” The actors have threatened to publish the stolen data if their ransom demands are not met.

Data lay exposed for over 18 months

Top aviation firm Safran Group, according to the Cybernews research team, was exposing critical data via a publicly available environment file hosted on the open-source video-conferencing app Jitsi Meet. The incident occurred due to a misconfiguration and exposed the data for nearly a year and a half.

U.K.’s largest state boarding school targeted

A sophisticated hack has hit Wymondham College, U.K., which houses just over 1,200 students. An official said, “A number of the College’s systems have been impacted, including access to some files and resources.” No further information on the nature of the attack has been released; however, the school did not receive any ransom demand.

Top Malware Reported in the Last 24 Hours

Cryptojacking via Dero currency

Attackers mining digital assets on others’ infrastructure seem to have found a new boost with the Dero cryptocurrency, Crowdstrike revealed. Since February, the operation has reportedly launched attacks against the Kubernetes environments of three U.S.-based servers. Threat actors potentially deployed over 4,000 miner instances during this campaign.
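The DaemonSet camouflage described in the summary above suggests a simple cluster audit a defender can run over `kubectl get ds -A -o json` output. The following is an added example, not Crowdstrike's or Cyware's code; the registry allowlist, the logging namespaces and the sample dump are all assumptions constructed for illustration.

```python
import re

# Registries this (hypothetical) cluster is allowed to pull from; an assumption for the example.
ALLOWED_REGISTRIES = ("registry.k8s.io/", "quay.io/")

# Namespaces where a log-shipping DaemonSet is expected to live; also an assumption.
LOGGING_NAMESPACES = {"kube-system", "logging"}

# Names that read like logging components; a DaemonSet borrowing one outside
# the logging namespaces deserves a closer look.
LOG_LIKE = re.compile(r"log|fluent|journal|audit", re.IGNORECASE)


def audit_daemonsets(ds_dump: dict) -> list[dict]:
    """Flag suspicious DaemonSets in a `kubectl get ds -A -o json` style dump."""
    findings = []
    for ds in ds_dump.get("items", []):
        ns, name = ds["metadata"]["namespace"], ds["metadata"]["name"]
        reasons = []
        for c in ds["spec"]["template"]["spec"].get("containers", []):
            if not c["image"].startswith(ALLOWED_REGISTRIES):
                reasons.append(f"image from unlisted registry: {c['image']}")
            # A miner burns CPU but serves nothing: a CPU request with no ports is a weak signal.
            cpu = c.get("resources", {}).get("requests", {}).get("cpu")
            if cpu and not c.get("ports"):
                reasons.append(f"cpu request {cpu} with no exposed ports")
        if LOG_LIKE.search(name) and ns not in LOGGING_NAMESPACES:
            reasons.append(f"log-like name outside logging namespaces: {ns}/{name}")
        if reasons:
            findings.append({"namespace": ns, "name": name, "reasons": reasons})
    return findings


# Constructed sample dump: one legitimate log shipper and one DaemonSet that
# borrows a log-agent name in the default namespace (not a real artifact).
SAMPLE_DUMP = {"items": [
    {"metadata": {"name": "fluent-bit", "namespace": "logging"},
     "spec": {"template": {"spec": {"containers": [
         {"image": "quay.io/example/fluent-bit:2.0", "ports": [{"containerPort": 2020}]}]}}}},
    {"metadata": {"name": "kube-log-agent", "namespace": "default"},
     "spec": {"template": {"spec": {"containers": [
         {"image": "203.0.113.10:5000/agent:latest",
          "resources": {"requests": {"cpu": "2"}}}]}}}},
]}

if __name__ == "__main__":
    for f in audit_daemonsets(SAMPLE_DUMP):
        print(f"{f['namespace']}/{f['name']}: " + "; ".join(f["reasons"]))
```

Each signal alone is weak; the value is in a DaemonSet tripping several at once, which is exactly the profile of a miner hiding under a log-agent name.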

Malware abuses Microsoft zero-day

Cyber adversaries were found abusing a zero-day in the Microsoft SmartScreen security feature to drop the Magniber ransomware. They abused CVE-2023-24880 to deliver specially crafted MSI files. Almost 80% of the more than 100,000 malicious MSI file downloads in recent campaigns were linked to potential users in Europe.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 80 vulnerabilities

Microsoft issued patches for 80 security issues in its latest Patch Tuesday release, including two flaws that are under active exploitation in the wild: CVE-2023-23397 and CVE-2023-24880. The former can be abused to evade Mark-of-the-Web (MotW) protections. Eight of the 80 defects were classified as Critical, 71 as Important, and one as Moderate.

SAP releases product updates

Software vendor SAP rolled out updates for 19 security flaws, five of them critical and affecting users of SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver: CVE-2023-25616, CVE-2023-23857, CVE-2023-27269, CVE-2023-27500, and CVE-2023-25617. In addition, SAP fixed four high-severity and ten medium-severity security issues.
