
Cyware Daily Threat Intelligence


Daily Threat Briefing May 11, 2020

Sometimes mitigation steps deployed to control an issue can open the door to a new problem, and this is what happened with computers that have Thunderbolt ports disabled. The security measure that was proposed in 2019 to counter the Thunderclap flaw can now be abused to conduct a Thunderspy attack. The newly discovered attack affects all computers manufactured before 2019.

Meanwhile, the Sodinokibi ransomware has enhanced its infection capabilities by adding new encryption modules. In an attempt to affect victims more severely, the ransomware now encrypts files that are already locked by other running processes.

A hacker group has been found distributing the ClodCore trojan via cracked game software to infect Russian and Ukrainian users.

Top Breaches Reported in the Last 24 Hours

Data of nearly 4 million users leaked

The credentials of nearly 4 million MobiFriend users were leaked on a hacking forum. The leaked data included birth dates, gender, website activity, mobile numbers, usernames, email addresses, and MD5-hashed passwords. The data was originally posted on the forum for sale in January. However, it was later made freely available to all.

Stadler discloses a data breach

Rail vehicle manufacturer Stadler disclosed a security breach that might have resulted in the compromise of the company’s data. An internal investigation revealed that intruders had compromised the company's IT network and deployed malware on some of its machines.

DigitalOcean exposes data

DigitalOcean inadvertently exposed some of its customers’ data after a document from 2018 was unintentionally made available on the internet. The document contained email addresses, account names, bandwidth usage, and the amount paid during 2018 by those users.

Top Malware Reported in the Last 24 Hours

ClodCore trojan

Researchers have uncovered that a hacker group is spreading the ClodCore trojan through a variety of cracked game software. Once the trojan is installed, the operators use the C2 server to deliver cryptocurrency mining payloads. The attack campaign has widely affected computers in Russia and Ukraine.

Sodinokibi evolves

The Sodinokibi ransomware has evolved to add a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process. To do this, the ransomware uses the Windows Restart Manager API to close processes or shut down Windows services that are keeping a file open during encryption.

Top Vulnerabilities Reported in the Last 24 Hours

Thunderspy attack

A newly detected Intel Thunderbolt flaw can lead to a so-called Thunderspy attack on millions of PCs. The flaw affects computers manufactured before 2019 and can be exploited in less than five minutes. Experts highlight that the flaw can also lead to evil maid attacks on computers.

Flawed Oracle iPlanet Web Server

Two vulnerabilities impacting Oracle iPlanet Web Server can result in sensitive data exposure and limited injection attacks. The flaws are identified as CVE-2020-9315 and CVE-2020-9314. Since Oracle no longer supports the affected iPlanet Web Server 7.0.x, it will not issue security patches to fix the bugs.
