Cyware Daily Threat Intelligence

Daily Threat Briefing May 29, 2023

There have been multiple attacks on routers globally, featuring the likes of the Horse Shell backdoor by Chinese actors. Now, Linux-based routers in Japan have come under threat from a new malware dubbed GobRAT. The campaign appears to have been running since February this year, and the malware can infect devices based on various architectures such as ARM, MIPS, x86, and x86-64. In another headline, a bug in the Google Cloud Platform (GCP) Cloud SQL service was found to pose a sensitive data leakage threat via a multi-stage attack chain. An intruder could not only gain access to internal data but also steal the data of the cloud provider and its customers.

Security researchers have disclosed a new attack called Hot Pixels. The technique exploits the fact that it is challenging to balance CPU power consumption requirements and heat dissipation limits while maintaining high execution speeds.

Top Breaches Reported in the Last 24 Hours

Healthcare entity targeted in NY

Albany ENT & Allergy Services, a New York-based medical specialty practice, has been listed on the leak site for the RansomHouse ransomware group. Hackers claimed to have pilfered the personal records and Protected Health Information (PHI) of nearly 224,500 employees and patients. According to the forensics investigation, the intrusion occurred between March 23 and April 4.

PHI for nine million people exposed

Florida-based MCNA Dental insurance company confirmed suffering a cyberattack that impacted the personal and medical data of close to nine million patients across more than 100 healthcare providers. Unauthorized access to its systems was detected on March 6, and subsequent investigation revealed the presence of malicious code infecting certain systems within the company’s network.

Top Malware Reported in the Last 24 Hours

RAT attacks Linux routers in Japan

Actors behind a new malware named GobRAT were observed launching attacks against Linux routers in Japan. The cybercriminals abuse routers whose web user interfaces are publicly accessible. The malware strain is written in Go and establishes C2 communication over TLS. It can receive as many as 22 varieties of encrypted commands for execution.

AceCryptor in top malware strains

ESET experts conducted an in-depth analysis of malware known as AceCryptor and disclosed that it has been used to package a range of malware including SmokeLoader, RedLine Stealer, RanumBot, and Raccoon Stealer. The experts reported over 240,000 AceCryptor detections in their telemetry across 2021 and 2022, averaging more than 10,000 detections per month.

Top Vulnerabilities Reported in the Last 24 Hours

GCP bug risks confidential data

Security experts at Dig revealed a vulnerability within the Cloud SQL service of GCP that could be exploited to gain unauthorized access to sensitive data. An attacker can escalate their privileges from those of a regular user to those of a container administrator. This could grant them access to internal data within GCP, such as confidential files, passwords, customer data, and other secrets.

Whitehat researchers study ‘Hot Pixels’

Security researchers discovered an innovative attack technique known as Hot Pixels. The attack leverages the data-dependent computation times of modern systems-on-a-chip (SoCs) and graphics processing units (GPUs) to extract information about web pages visited in Chrome and Safari, even when side-channel countermeasures are in place. They achieved up to 94% accuracy in determining the content viewed on the target device.