
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 28, 2023

Malware actors have once again made use of flawed WordPress sites. In a recent campaign, adversaries distributed two malware families through the DBatLoader malware loader to target European entities. The payload is served from compromised WordPress sites that carry legitimate SSL certificates. In other news, fake keygens and cracks also made a comeback to spread the new LummaC2 Stealer. It is capable of extracting a wide range of sensitive data, including crypto wallets, browser data, and screenshots. The malware is distributed approximately once a week.

If you are using older Apple devices, this new update is for you. Security experts have spotted an actively exploited zero-day affecting older releases of Apple products. An attacker can either crash the running OS or execute arbitrary code on affected devices; update promptly.

Top Breaches Reported in the Last 24 Hours

Repeated intrusions against telecom giant

Lumen Technologies disclosed a ransomware incident affecting a limited number of its servers. While it was strengthening its defenses, the security team discovered a second intrusion in which an attacker accessed the company’s internal IT systems and retrieved a small amount of data. Lumen did not reveal the name of the ransomware strain.

Nuclear attacks get ‘Bitter’

The nuclear energy sector of China is reportedly facing threats from Bitter, a South Asian APT. The group specializes in using Excel exploits, Windows Installer (MSI) files, and Microsoft Compiled HTML Help (CHM) files. The group is also known for targeting energy and government organizations in Bangladesh, Pakistan, China, and Saudi Arabia.

New victim in education sector

Tanbridge House School, Sussex, U.K., was struck by a ransomware attack on March 10, knocking systems for staff and students offline. The incident only recently came to light, after the Ransom House threat group listed the school on its extortion site. The school has not clarified the nature of the data affected, though the attackers claimed to have harvested the PII of staff and students.

Top Malware Reported in the Last 24 Hours

IcedID transforms to Standard, Lite, Forked

Proofpoint analysts uncovered three variants of the IcedID banking Trojan (Standard, Lite, and Forked) that focus on delivering additional payloads and bots. According to experts, the original developers of Emotet and the IcedID operators have worked together on the Lite version. Meanwhile, the new threat group TA581 was observed using the Forked version. All in all, at least three threat actors have used the new variants of IcedID.

DBatLoader drops Remcos and Formbook

A new phishing campaign has surfaced that drops Remcos RAT and Formbook malware through the DBatLoader malware loader, Zscaler researchers revealed. The campaign is aimed at compromising systems in Europe. The actors also leverage a multi-layered obfuscated HTML file and OneNote attachments to deliver the DBatLoader payload.

LummaC2: new infostealer

Fake software programs, such as cracks and keygens, are being used to infect online users with LummaC2 Stealer. First discovered on March 3, the fake program pages redirect users multiple times before landing them on the malicious page that distributes the malware. LummaC2 Stealer currently appears to be available in three different forms.

Top Vulnerabilities Reported in the Last 24 Hours

Apple updates older iPhones and iPads

Apple issued a new round of updates against an actively exploited zero-day. Tracked as CVE-2023-23529, the bug impacts older iOS, iPadOS, and macOS versions. An attacker can abuse the bug to gain arbitrary code execution or crash the vulnerable OS. The flaw affects all models of the iPhone 6s and iPhone 7, the 1st generation iPhone SE, the iPad Air 2, the 4th generation iPad mini, and the 7th generation iPod touch.

Bug in Korean certificate software

MagicLine4NX, a non-ActiveX joint certificate program developed by the Korean company Dream Security, was found vulnerable to RCE attacks. Experts at AhnLab have also confirmed exploitation of this flaw in the wild. An attacker injected malicious code into the svchost.exe process before downloading and executing their malware.
