
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 25, 2020

Amidst the ongoing global pandemic, cybercriminals continue to find new ways to target organizations. Now, the operators behind the Nefilim, CLOP, and Sekhmet ransomware attack campaigns have created data leak websites to publish stolen data from victim organizations. The attackers use this tactic to name and shame victims who do not pay a ransom.

In other news, a security researcher discovered a critical remote code execution flaw affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other networking devices. Meanwhile, Apple released seven security updates to address dozens of security vulnerabilities affecting its iOS, macOS, watchOS, iPadOS, and tvOS.

Top Breaches Reported in the Last 24 Hours

Stolen data from ransomware attacks

Following in the footsteps of other notorious ransomware actors, the operators behind the Nefilim, CLOP, and Sekhmet ransomware attack campaigns have created websites to publish stolen data. While the Nefilim ransomware actors posted data from two companies, the CLOP leaks website featured four affected companies and the Sekhmet website listed one company.

Email error breach

Watford Community Housing, a housing association in the UK, suffered a data privacy incident due to a mailing error. During a contact email update exercise, the association inadvertently shared the sensitive personal data of 3500 residents, including sexual orientation and ethnicity.

Top Malware Reported in the Last 24 Hours

TrickMo android malware

Security researchers at IBM X-Force discovered that the TrickBot trojan gang is using a malicious Android application to bypass two-factor authentication (2FA) protection in online banking. The Android app, dubbed TrickMo, is capable of intercepting a wide range of transaction authentication numbers (TANs) including one-time password (OTP), mobile TAN (mTAN), and pushTAN authentication codes.

New Milum RAT

Kaspersky researchers discovered an attack campaign dubbed WildPressure that targets organizations with a new Remote Access Trojan (RAT) named Milum. According to the researchers, Milum is a fully-developed trojan with “solid capabilities for remote device management” of a compromised host.

Coronavirus finder app

Security researchers discovered a new Android banking trojan disguised as the ‘Coronavirus Finder’ app that purports to show a map detailing the number of people in the area with the Covid-19 virus infection. While asking users for a payment of €0.75 to view the map, the app sends their card details to attacker-controlled servers.

Top Vulnerabilities Reported in the Last 24 Hours

OpenWrt RCE bug

A security researcher uncovered a critical remote code execution flaw affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other networking devices. Tracked as CVE-2020-7982, the flaw resides in the OPKG package manager of OpenWrt and arises from the way OPKG performs integrity checking of downloaded packages against the SHA-256 checksums embedded in the signed repository index. It could allow an attacker to gain complete control over the targeted OpenWrt network device and, subsequently, over the network traffic it manages.
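The integrity step described above, as an added example that is not OpenWrt's or OPKG's own code: a fail-closed check of downloaded package bytes against the SHA256sum entry of an index whose signature has already been verified. The stanza layout follows OpenWrt's Packages index format; the sample index and package bytes are constructed for this example.

```python
import hashlib
import hmac
import re

HEX_SHA256 = re.compile(r"[0-9a-f]{64}")

def parse_index(index_text):
    # Stanzas are separated by blank lines; each line is "Field: value".
    # A line that does not fit that shape aborts parsing instead of being
    # silently skipped, so a damaged index cannot yield a half-parsed entry.
    packages = {}
    for stanza in re.split(r"\n\s*\n", index_text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if not sep or not key.strip():
                raise ValueError("malformed index line: %r" % line)
            fields[key.strip()] = value.strip()
        if "Package" not in fields:
            raise ValueError("stanza without Package field")
        packages[fields["Package"]] = fields
    return packages

def verify_download(name, data, index_text):
    # Fail closed: unknown package, missing or malformed SHA256sum, or any
    # mismatch all return False. This runs after the index signature has been
    # checked and before anything from the package is unpacked.
    entry = parse_index(index_text).get(name)
    if entry is None:
        return False
    expected = entry.get("SHA256sum", "")
    if not HEX_SHA256.fullmatch(expected):
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)

# Constructed package bytes and index stanzas (not from a real OpenWrt feed).
SAMPLE_PACKAGE = b"constructed ipk payload for demonstration\n"
SAMPLE_INDEX = (
    "Package: example-tool\nVersion: 1.0-1\n"
    "Filename: example-tool_1.0-1.ipk\nSHA256sum: %s\n\n"
    "Package: bad-entry\nVersion: 2.0-1\nSHA256sum: not-a-digest\n"
) % hashlib.sha256(SAMPLE_PACKAGE).hexdigest()

if __name__ == "__main__":
    print(verify_download("example-tool", SAMPLE_PACKAGE, SAMPLE_INDEX))  # True
    print(verify_download("example-tool", SAMPLE_PACKAGE + b"x", SAMPLE_INDEX))  # False
    print(verify_download("bad-entry", SAMPLE_PACKAGE, SAMPLE_INDEX))  # False
```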

Apple releases patches

Apple released a total of seven security updates to address vulnerabilities in its various devices. For iOS, the 13.4 update includes fixes for 30 security issues including remote code execution, information disclosure, and cross-site scripting bugs. The macOS Catalina 10.15.4 security update fixes 26 flaws including a sudo bug (CVE-2019-19232) that allows command execution through a non-existent user and a restricted memory access flaw in the Intel Graphics Driver (CVE-2019-14615).

VMware patch release

VMware released an update for the macOS version of Fusion to fix a privilege escalation vulnerability tracked as CVE-2020-3950, for which it initially released an incomplete patch in version 11.5.2. Now, the company released version 11.5.3 to provide a complete patch for the vulnerability. However, the researchers who discovered the vulnerability claim that the update does not resolve the issue as a new proof-of-concept (PoC) exploit could be created to bypass it.
