
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 2, 2020

Investigation on a recent cyberespionage campaign associated with the North Korea-based Kimsuky threat actor group has led to the discovery of a new malware suite called ‘KGH.’ The malware, which spreads via a weaponized Word document, includes spyware modules and is being used to target COVID-19 vaccine makers.

On the subject of abuse of legitimate services, phishers have been found exploiting a feature in Google Drive to create push notifications that redirect users to scam websites. Most of these websites advertise fake prizes, deals, and cash rewards.

Top Breaches Reported in the Last 24 Hours

JM Bullion hacked

Precious metals online retailer JM Bullion has disclosed a data breach that occurred between February 18 and July 17. The site was hacked to insert malicious scripts that stole customers’ credit card information. Because the injected script skimmed customers’ payment card details, the incident is classified as a Magecart attack.
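The JM Bullion incident is the classic Magecart pattern: an unexpected script is added to a storefront page and skims card data from the browser. One way a site owner can catch this is to baseline every script on the checkout page (approved external hosts plus SHA-256 hashes of approved inline scripts, the same scheme CSP and SRI use in the browser) and alert when a crawl finds a script outside that baseline. The script below is an added example and is not code from Cyware, JM Bullion or any named project; the hostnames, page content and allowlist are constructed, and it goes slightly beyond the item above by checking both external and inline scripts.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist for a hypothetical storefront: first-party host plus one approved CDN.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}


def inline_hash(source: str) -> str:
    """SHA-256 of an inline script body, matching the CSP 'sha256-...' hash scheme."""
    return hashlib.sha256(source.encode("utf-8")).hexdigest()


class ScriptCollector(HTMLParser):
    """Collects every <script> element on a page: external src, or the inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []          # list of (src or None, inline body)
        self._in_script = False
        self._buf = []
        self._src = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._buf = []
            self._src = dict(attrs).get("src")

    def handle_data(self, data):
        # HTMLParser hands script content to handle_data as CDATA.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf).strip()))
            self._in_script = False


def audit_scripts(html, allowed_hosts, known_inline_hashes):
    """Return findings for every script not covered by the allowlist/hash baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        if src is not None:
            host = urlparse(src).hostname
            # A relative src has no host and is first-party; absolute (or protocol-relative)
            # src values must point at an approved host.
            if host is not None and host not in allowed_hosts:
                findings.append(f"external script from unapproved host: {host}")
        elif body and inline_hash(body) not in known_inline_hashes:
            findings.append(f"inline script with unknown hash: sha256-{inline_hash(body)[:16]}...")
    return findings


# Constructed checkout page as it should look (baseline).
CHECKOUT_PAGE_OK = """<html><body>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib/forms.js"></script>
<script>window.shopConfig = {"currency": "USD"};</script>
</body></html>"""

# Hashes of the inline scripts the site legitimately ships.
KNOWN_INLINE_HASHES = {inline_hash('window.shopConfig = {"currency": "USD"};')}

# Constructed page with two unexpected scripts added, standing in for an injected skimmer.
CHECKOUT_PAGE_INJECTED = CHECKOUT_PAGE_OK.replace(
    "</body>",
    '<script src="https://static.unapproved.test/analytics.js"></script>\n'
    "<script>/* constructed placeholder for an unexpected inline script */</script>\n"
    "</body>",
)

if __name__ == "__main__":
    for label, page in (("baseline", CHECKOUT_PAGE_OK), ("injected", CHECKOUT_PAGE_INJECTED)):
        findings = audit_scripts(page, ALLOWED_SCRIPT_HOSTS, KNOWN_INLINE_HASHES)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run this on a regular schedule against the live checkout page rather than the deployed source: Magecart injections typically land server-side or in a third-party script, so only the rendered page shows them. The same allowlist doubles as the input to a `Content-Security-Policy` `script-src` directive, which blocks unapproved scripts in the browser instead of merely reporting them.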

Eatigo.com data breach

Personal data of 2.8 million eatigo account holders was accessed by unauthorized attackers in a data breach. In its notification, eatigo said the compromised information dated back to 2019 and included names, email addresses, and phone numbers of customers.

GPI hacked

The REvil ransomware gang has claimed responsibility for an attack on Gaming Partners International (GPI). The attackers stole information from the firm’s systems before encrypting them. The gang also published screenshots showing directories and files from those systems.

Top Malware Reported in the Last 24 Hours

Wroba trojan

Researchers have uncovered a new wave of Wroba trojan attacks targeting smartphone users in the United States. The attack, which affects both iOS and Android devices, lures users with a text message announcing a parcel delivery. The message includes a link that redirects victims to a malicious site, which shows an alert saying the user’s browser is out of date and needs an update. Once the victim taps the ‘OK’ button, a malicious app is downloaded.

New KGH malware

KGH is a new malware suite associated with the Kimsuky group. It spreads via weaponized Word documents delivered in phishing emails and is designed to conduct information-stealing attacks against COVID-19 vaccine makers and other targets.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress patches RCE bug

WordPress has released an update patching 10 security bugs, including a high-severity RCE flaw. That flaw can allow a remote attacker to take over a targeted website via a narrowly tailored DoS attack. Four of the remaining flaws are rated medium risk.

Top Scams Reported in the Last 24 Hours

Google Drive abused

In a new scam observed by researchers, phishers are abusing a feature in Google Drive to create push notifications that trick users into visiting malicious websites. The notifications are sent in Russian and English and point to documents containing links to scam websites. Most of these websites advertise fake prizes, deals, and cash rewards.
