
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 2, 2023

The cybercrime landscape continues to evolve, with actors forming alliances and utilizing sophisticated tactics to distribute malware. In one such incident, an advanced version of the DoubleFinger malware loader has emerged, which allows attackers to load payloads while avoiding detection, with encrypted blobs hidden within PNG files. In other news, a rebrand of MetaEncryptor ransomware was observed in the wild. Believed to have launched in August 2022, its data leak site currently lists 53 victims globally. The Iran-linked APT34 also introduced a new malware named Menorah.

Furthermore, an unpatched zero-day has been reported. The critical vulnerability in Exim mail transfer agent (MTA) software exposes servers to remote code execution. No patch is available as of now, leaving millions of servers vulnerable to cyberattacks.

Top Breaches Reported in the Last 24 Hours

BlackCat hits major Michigan healthcare provider

McLaren HealthCare, one of Michigan's largest healthcare systems, is grappling with data breaches and system disruptions. The healthcare giant, operating 13 hospitals and various medical services, detected suspicious network activity and initiated an investigation. While the systems remain operational, details about the extent of the breach and ransom payment were not disclosed. The BlackCat/ALPHV ransomware gang took responsibility for the incident.

DHS data impacted in Johnson attack

The threat actors behind the ransomware attack on Johnson Controls International plc claimed to have stolen over 27TB of corporate data and encrypted the company's VMware ESXi virtual machines. Concerns have arisen that sensitive data, including DHS floor plans, may have been exposed, potentially posing a risk to physical security at DHS facilities. Experts suggest that the Dark Angels Team was responsible for the attack and demanded a $51 million ransom for a decryptor.

Top Malware Reported in the Last 24 Hours

New ASMCrypt malware on the rise

Threat actors are distributing a new crypter and loader named ASMCrypt, described as an evolved version of the DoubleFinger malware loader. ASMCrypt is designed to help malware evade detection by security solutions while establishing contact with a backend service over the TOR network. This allows buyers to build and deploy payloads of their choice for various cyber campaigns. Loaders like ASMCrypt can help criminals gain initial access to networks and facilitate ransomware attacks, data theft, and more.

Iran-linked APT34 deploys Menorah

Iranian hacking group APT34 is allegedly targeting Saudi Arabia with a new malware threat, dubbed Menorah, via phishing emails. The malware enables file downloads, shell command execution, and file uploads, making it a powerful tool for espionage. While similar to the group's previous SideTwist backdoor, Menorah exhibits increased complexity and stealthiness.

LostTrust, a MetaEncryptor rebrand

A new ransomware variant, which appears to be a rebrand of MetaEncryptor, has been attacking organizations since March. Named LostTrust, the group targets Windows devices, and it remains unclear whether a Linux encryptor exists. The data leak site lists 53 victims globally, with some of their data already leaked for not paying the ransom.

Zanubis disguises as tax agency

The Zanubis banking trojan was found posing as a Peruvian government app to deceive users into downloading it. The malware disguises itself as the Peruvian customs and tax agency, Superintendencia Nacional de Aduanas y de Administración Tributaria (SUNAT), granting it access to the device. Zanubis can display fake overlay screens, steal credentials, harvest contact data, record screen content, and even simulate an Android OS update, rendering the device unusable.

Top Vulnerabilities Reported in the Last 24 Hours

Critical zero-day flaw in Exim MTA

A severe zero-day vulnerability (CVE-2023-42115) has been discovered in Exim MTA software, affecting all its versions. Unauthenticated attackers can exploit this flaw to achieve remote code execution on exposed servers. The vulnerability, disclosed by Trend Micro's Zero Day Initiative, results from an out-of-bounds write weakness in the SMTP service. Despite disclosure to the Exim team in 2022, no patch has been provided. Over 3.5 million servers are exposed online owing to the flaw.

High-severity bug in OpenRefine tool

A high-severity security flaw (CVE-2023-37476) has been revealed in the open-source data cleanup tool OpenRefine, potentially enabling arbitrary code execution on affected systems. This Zip Slip vulnerability could be exploited when importing a specially crafted project in OpenRefine versions 3.7.3 and below. Although OpenRefine is designed to run locally, an attacker can trick a user into importing a malicious project file, which then permits the execution of arbitrary code on the victim's machine. Zip Slip vulnerabilities let an archive overwrite or unpack files to unintended locations, because member names containing path-traversal segments (such as "../") are written relative to the extraction directory without being checked. Responsible disclosure led to the release of a patch in OpenRefine version 3.7.4 on July 17.
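The defensive pattern behind a Zip Slip fix is simple: resolve every archive member against the extraction directory before writing anything, and refuse the whole archive if any member lands outside it. The code below is an added example written for this briefing, not OpenRefine's code or its patch; it builds two constructed in-memory archives (one benign, one with a traversal member) and runs them through a checking extractor. Python's own `ZipFile.extract` already strips `..` components, so the check is spelled out here to show what a library that writes members by hand has to do.

```python
import io
import os
import tempfile
import zipfile


def unsafe_members(zip_bytes: bytes, dest_dir: str) -> list:
    """Return archive member names that would be written outside dest_dir.

    A member is unsafe when its path, joined to dest_dir and normalised,
    does not stay under dest_dir: ".." segments and absolute paths both fail.
    """
    dest = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators so a Windows-style name is judged the same way
            member = name.replace("\\", "/")
            # os.path.join discards dest when member is absolute; realpath collapses ".."
            target = os.path.realpath(os.path.join(dest, member))
            if os.path.commonpath([dest, target]) != dest:
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract the archive only after every member has been verified.

    Rejecting the whole archive (rather than skipping bad members) keeps a
    partially written project from being trusted later. Returns written paths.
    """
    bad = unsafe_members(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"refusing archive: members escape {dest_dir}: {bad}")
    dest = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest, info.filename.replace("\\", "/")))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_archive(members: dict) -> bytes:
    """Build an in-memory zip from {member name: content}; names are stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives (not real OpenRefine project files)
BENIGN = build_archive({"project/metadata.json": "{}", "project/data.csv": "a,b\n1,2\n"})
MALICIOUS = build_archive({"project/metadata.json": "{}", "../../outside.txt": "must not be written"})


def demo() -> dict:
    """Run both archives through safe_extract in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        results["benign_files"] = len(safe_extract(BENIGN, tmp))
        try:
            safe_extract(MALICIOUS, tmp)
            results["malicious_rejected"] = False
        except ValueError:
            results["malicious_rejected"] = True
    return results


if __name__ == "__main__":
    print(unsafe_members(MALICIOUS, "/tmp/openrefine-import"))
    print(demo())
```

The comparison is done on the realpath-resolved target, not on the raw member string, so encoded variants such as `a/../../b` or an absolute path are caught by the same rule; symbolic links already present inside the destination are a separate concern that this check does not cover.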

Top Scams Reported in the Last 24 Hours

Phantom Hacker scams steal millions of dollars

The FBI has issued a warning about the growing prevalence of Phantom Hacker scams, with a significant impact on senior citizens. These scams involve impostors posing as tech support, financial institutions, and government officials to gain victims' trust and target their banking accounts. Victims often lose their entire savings, retirement, or investment funds, believing they are protecting their assets. From January to June, the FBI received 19,000 complaints related to tech support scams, resulting in estimated losses exceeding $542 million.
