
Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 4, 2020

The REvil ransomware gang has added another malware to its arsenal. The group reportedly acquired the source code for the KPOT version 2.0 trojan in an auction last month. The trojan, first spotted in 2018, can extract and steal passwords from various apps on infected computers.

Separately, a new ransomware strain called RegretLocker has been found targeting Windows 10 and Windows Hyper-V virtual machines. It uses the Windows Restart Manager API to terminate processes or Windows services that keep a file open during encryption.

Amid these threats, vendors such as Google and Adobe patched security vulnerabilities in their latest updates. Google issued 30 security patches for the Android operating system, while Adobe fixed a total of 14 security flaws across several versions of Acrobat and Acrobat Reader.

Top Breaches Reported in the Last 24 Hours

Over 23,000 databases leaked

More than 23,000 hacked databases belonging to Cit0day have been made available for download on several hacking forums and Telegram channels. The databases contain usernames, email addresses, and even cleartext passwords of users. The site was launched in January 2018 and was shut down on September 14.

Folksam data breach

A data breach at Folksam has affected the personal data of 1 million Swedish customers. The exposed data includes various types of information, including social security numbers. After discovering the breach, the firm took immediate action to contain it.

Mattel discloses ransomware attack

The U.S. toymaker Mattel has disclosed a ransomware attack that took place on July 28 and affected some business functions. Following the attack, the firm took a series of measures to restore the impacted systems.

GrowDiaries suffers a breach

GrowDiaries, an online community for marijuana growers, has disclosed a data breach after the company left two Kibana apps exposed on the internet. The exposed apps gave attackers access to two Elasticsearch databases, one storing 1.4 million user records and the other holding over two million user data points.

Top Malware Reported in the Last 24 Hours

New RegretLocker ransomware

RegretLocker is a new ransomware strain that targets Windows 10 and Windows Hyper-V virtual machines. Discovered in October, the ransomware uses email for communication rather than a Tor payment site. It appends the .mouse extension to the names of encrypted files.

KPOT trojan code acquired

The REvil ransomware gang has claimed to have acquired the source code of the KPOT 2.0 trojan in an auction last month. The sale was organized on a private underground hacking forum.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches 30 flaws

Google has issued patches for 30 vulnerabilities affecting the Android operating system. The most serious of these is CVE-2020-0449, which could allow attackers to execute code remotely. The issue impacts Android 8.0, 8.1, 9, 10, and 11. The other vulnerabilities affect the Android runtime, Framework, Media Framework, and System components.

SaltStack releases patches

SaltStack has issued patches for vulnerabilities impacting Salt versions prior to 3002. The flaws are tracked as CVE-2020-16846, CVE-2020-25592, and CVE-2020-17490. Two of these are rated high/critical and the third is rated low on the CVSS scale.

Adobe patches 14 flaws

Adobe has fixed a total of 14 security flaws in the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. Three of these flaws are rated Critical and are caused by use-after-free, heap buffer overflow, and out-of-bounds write bugs.