Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Skip to main content

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing May 13, 2022

The proliferation of Cybercrime-as-a-Service (CaaS) model can have far-reaching ramifications. In the last 24 hours, security experts have disclosed two new malware toolkits that are being actively promoted on popular communication platforms and underground forums. One of them is tracked as Eternity Project, which offers info-stealer, ransomware, worm, clipper, and coinminer modules. Another is an info-stealer malware builder that was used to create KurayStealer to steal credentials from Discord and 18 other apps.

In other emerging threats, the lesser-known Red Menshen threat actors have been associated with a new highly-evasive backdoor malware that targets Linux and Solaris systems. Researchers highlight that the backdoor was deployed against organizations in the U.S., South Korea, Hong Kong, Turkey, India, Vietnam, and Myanmar.

Top Breaches Reported in the Last 24 Hours

OKCIC disclosed a data breach

The Oklahoma City Indian Clinic (OKCIC) has disclosed a data breach that exposed the personal details of nearly 40,000 individuals. The data compromised in the incident includes full names, birth dates, medical records, physician information, phone numbers, social security numbers, and driver’s license numbers of customers.

Top Malware Reported in the Last 24 Hours

New KurayStealer malware

A new password-stealing malware builder is being sold on the Discord platform by a user who goes by the name ‘Portu’. Security experts have observed the first Portu-inspired malware sample, dubbed KurayStealer, in the wild. It is being used to target Discord users. Besides, it also makes use of webhooks to steal passwords, tokens, and IP addresses from 18 other apps.

New BPFdoor backdoor

A new Linux malware, dubbed BPFdoor, has been identified targeting Linux and Solaris systems. The malware can bypass firewalls, making it an ideal tool for corporate espionage and persistent attacks. It uses a Berkeley Packet Filter sniffer to parse ICMP, UDP, and TCP packets. Researchers have detected BPFdoor activity on networks of organizations in the U.S., South Korea, Hong Kong, Turkey, India, Vietnam, and Myanmar.

Top Vulnerabilities Reported in the Last 24 Hours

Zyxel fixes critical flaws

Zyxel has fixed a critical firewall vulnerability that could have allowed threat actors to gain access to devices and corporate networks. Tracked as CVE-2022-30525, the command injection flaw affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP). The impacted firmware versions are ZLD5.00 to ZLD5.21 Patch 1.

New Threat in Spotlight

New Eternity Project service

A new cybercrime service, named Eternity Project, has emerged on Telegram and dark web marketplaces. The malware toolkit offers a variety of malware such as an info-stealer, a coinminer, a clipper, ransomware, a worm, and a DDoS-based bot. According to researchers, low-skilled threat actors can leverage the service to build their own malware.

Related Threat Briefings