Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 16, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Oct 16, 2020
Time is of the essence after a ransomware attack and having a suitable decryption key can bring a major relief in such cases. In a similar vein, researchers have now unveiled the decryption key for MamoCrypt ransomware that was discovered last year. A variant of MZRevenge, the ransomware leverages AES 128 CBC and Twofish 128 NOFB algorithms to encrypt victims’ files.
However, there are still several ransomware strains for which researchers are yet to find decryption keys. One such ransomware is Egregor. The operators behind the ransomware have allegedly hacked and leaked data from gaming companies, Ubisoft and Crytek, with the purpose to extract ransom from them.
Top Breaches Reported in the Last 24 Hours
Firefighting department attacked
Puerto Rico’s firefighting department disclosed that its database has been hacked and the attackers are demanding $600,000 in an act of alleged extortion. The department has notified the police which is currently investigating the matter.
3 million card numbers dumped
A hacker has been found selling 3 million payment card numbers used at Dickey’s Barbecue Pit on Joker’s Stash dark web forum. The data appears to have been compromised between July 2019 and August 2020. The data is being sold for a median price of $17 per card.
Ubisoft targeted
Ubisoft and Crytek have allegedly fallen victim to an Egregor ransomware attack. It is still unclear how the actors got access to systems. Meanwhile, the ransomware gang has threatened to leak the source code of an upcoming game of Ubisoft if their ransom demand is not met.
Top Malware Reported in the Last 24 Hours
Decryptor for MamoCrypt ransomware
A decryption key for MamoCrypt ransomware, a variant of MZRevenge, has been released recently. The ransomware uses AES 128 CBC and Twofish 128 NOFB algorithms to encrypt files.
COVID-19 vaccine phishing
People in the U.S. and the U.K have been alerted about the ongoing phishing attack around the Oxford Coronavirus vaccine. The attack is suspected to be propagated by Russian hackers in the form of phishing emails with subject lines saying “Beware of the Oxford COVID-19 Vaccine or Beware of the Oxford Corona Virus Vaccine”. Researchers believe that the attack is meant to distribute malware.
Top Vulnerabilities Reported in the Last 24 Hours
Magento flaws fixed
Adobe has disclosed two critical flaws, six important-rated errors, and one moderate-severity vulnerability plaguing the Magento platform. The two flaws can lead to remote code execution. One of these flaws stems from the application not validating full filenames when using an “allow list” method to check the file extensions. The second one is a SQL injection vulnerability.
Top Scams Reported in the Last 24 Hours
QR code scam
QR code scam is making its way out in the pandemic. One of the easiest ways to trick users is through clickjacking. Another trick is the small advance payment scam. Phishing links can, moreover, be disguised as QR codes. As a result, phishers can empty bank accounts without users being aware.