Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing May 26, 2022

Cybercriminals are well-versed with the extensive use of VMware ESXi in enterprise settings for server virtualization. Recently, a new malware strain named Cheerscrypt has joined the league of ransomware actors attacking ESXi servers. Browsers worldwide are being hemmed in by the ChromeLoader malware that masquerades as cracked software for games and software.

Moving on, the Pantsdown bug embarrasses QCT servers! This high-severity bug can even be abused by an unsophisticated attacker with remote access to the operating system to execute arbitrary code within the BMC.

Top Breaches Reported in the Last 24 Hours

Medicine School blurts out PHI

A breach at St. Louis-based Washington University School of Medicine has potentially exposed PHI, as well other personal data of patients. An unauthorized person seemingly accessed the email accounts of certain employees between March 4 and March 28. The institution did not disclose how many patients were impacted by this incident.

Toronto health network compromised

Scarborough Health Network (SHN) disclosed an intrusion that may have impacted individuals who received in-patient care at any of the SHN hospitals prior to February 1. The hospital network comprises three hospitals and eight satellite sites. Furthermore, it warned victims that potential identity theft and phishing attempts may lurk in the wild.

Top Malware Reported in the Last 24 Hours

Cheerscrypt dispirits ESXi servers

Trend Micro has reported multiple deployments for a new ransomware family, dubbed Cheerscrypt. It was targeting one of its customer’s ESXi servers that manage VMware files. The malware family employs the double extortion scheme to extort victims. Previously, other ransomware actors, including LockBit, Hive, and RansomEXX, have targeted a similar environment.

ChromeLoader swells as a browser threat

Red Canary researchers noted a surge in ChromeLoader malware that uses a malicious ISO archive file to infect its victims. It comes packaged as cracked executables for games or commercial software. In fact, researchers have also witnessed instances wherein hackers promoted cracked Android games and offered QR codes on Twitter, which lead to the malware-hosting sites.

ERMAC 2.0 is here

The infamous ERMAC Android banking trojan expanded its territory by increasing the number of applications targeted from 378 to 467 with the launch of its version 2.0. It is capable of stealing account credentials and crypto wallets, which are sent to threat actors to hijack victims’ banking and cryptocurrency accounts for financial theft and fraud.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco Talos helps OAS patch bugs

Cisco Talos laid bare eight vulnerabilities in the Open Automation Software (OAS) Platform with two of them receiving severity scores of over 9.0. These flaws could be exploited to perform a myriad of malicious actions, from unauthenticated access to a targeted device to causing a denial of service. The driver under question is Open Automation Software OAS Platform, version 16.00.0112.

Pantsdown embarrasses QCT servers

Eclypsium found that Quanta Cloud Technology (QCT) servers are victims of the severe "Pantsdown" Baseboard Management Controller (BMC) flaw. An attacker may leverage this to laterally move its cyberattack to the server management network, thereby, crippling other servers by obtaining further permissions and access. The bug is tracked as CVE-2019-6260 and has a CVSS score of 9.8.

Clickjacking may hit Paypal

An independent security researcher, named h4x0r_dz, uncovered a new unpatched security vulnerability in PayPal’s money transfer program that could let attackers trick victims into initiating transactions with a single click, aka Clickjacking. The deception works by throwing an invisible overlay page or HTML element displayed on top of the actual page.

Related Threat Briefings