
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 23, 2023

A banking trojan previously aimed at banking users in Brazil and Mexico has expanded its reach to Spain. Researchers have found a new version of the Grandoreiro banking trojan that steals login credentials by displaying overlay windows that imitate bank login pages. Meanwhile, there is an update on the recently discovered zero-day vulnerability abused to compromise over 50,000 Cisco devices: Cisco has disclosed a second zero-day vulnerability in its IOS XE software that is also being exploited in the wild. Organizations are urged to address both vulnerabilities by applying the latest patches and, until then, to restrict or disable the exposed web UI.

In other news, the District of Columbia Board of Elections (DCBOE) has disclosed that the data breach detected on October 5 may have exposed the personal information of all registered voters in the District. Earlier, it was reported that fewer than 4,000 voter records were affected.

Top Breaches Reported in the Last 24 Hours

Okta discloses a data breach

Identity and access management provider Okta revealed that a breach of its customer support system allowed intruders to view files uploaded by certain customers. While the company is still investigating the incident, it should be noted that the support case management system breached in this attack is routinely used to store HTTP Archive (HAR) files, which customers upload to help troubleshoot browser sessions and which can contain cookies and session tokens. A threat actor who obtains a valid session token can replay it to impersonate the user and take over their session without knowing the password. For this reason, HAR files should be stripped of credentials, cookies, and session tokens before they are shared with any vendor's support team.
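As an added illustration of the point above (this is example code, not something published by Okta or by Cyware), the following Python script redacts the fields of a HAR file that usually carry session material before the file is shared with a vendor. The HAR structure (log.entries[].request/response.headers, .cookies and .postData) follows the HAR 1.2 format; the header names treated as sensitive and the sample capture are assumptions constructed for the example, not data from a real incident.

```python
"""Redact session material from a HAR file before handing it to a support team.

HAR 1.2 stores every captured request and response under log.entries, each with
a `headers` list, a `cookies` list and (for requests) an optional `postData`.
Cookies, Authorization headers and POSTed login forms are where session tokens
and passwords end up, so those are what we overwrite here.
"""
import copy
import json

# Header names (case-insensitive) whose values carry credentials or tokens.
# This list is an assumption for the example; extend it for your own apps.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-csrf-token"}
REDACTED = "REDACTED"


def _scrub_headers(headers):
    """Overwrite the value of every sensitive header in place."""
    for header in headers:
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED


def _scrub_cookies(cookies):
    """Overwrite every cookie value in place (names are kept for debugging)."""
    for cookie in cookies:
        if "value" in cookie:
            cookie["value"] = REDACTED


def sanitize_har(har):
    """Return a deep copy of `har` with headers, cookies and POST bodies redacted.

    The original dict is left untouched so the caller can diff before/after.
    """
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            message = entry.get(side, {})
            _scrub_headers(message.get("headers", []))
            _scrub_cookies(message.get("cookies", []))
        # Login forms are POSTed; drop the body rather than try to parse it.
        post_data = entry.get("request", {}).get("postData")
        if post_data and "text" in post_data:
            post_data["text"] = REDACTED
    return clean


def find_leaks(har):
    """List (entry index, side, field) for every sensitive value still present.

    Run this on the sanitized file as the final check before upload.
    """
    leaks = []
    for index, entry in enumerate(har.get("log", {}).get("entries", [])):
        for side in ("request", "response"):
            message = entry.get(side, {})
            for header in message.get("headers", []):
                if (header.get("name", "").lower() in SENSITIVE_HEADERS
                        and header.get("value") != REDACTED):
                    leaks.append((index, side, header["name"]))
            for cookie in message.get("cookies", []):
                if cookie.get("value") != REDACTED:
                    leaks.append((index, side, "cookie:" + cookie.get("name", "")))
        post_data = entry.get("request", {}).get("postData")
        if post_data and post_data.get("text") not in (None, REDACTED):
            leaks.append((index, "request", "postData"))
    return leaks


# Constructed sample capture (not a real HAR): one authenticated API call.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "POST",
                    "url": "https://example.test/api/v1/users/me",
                    "headers": [
                        {"name": "Cookie", "value": "sid=abc123session"},
                        {"name": "Authorization", "value": "Bearer example.token.value"},
                        {"name": "Accept", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "abc123session"}],
                    "postData": {"mimeType": "application/json",
                                 "text": "{\"password\": \"hunter2\"}"},
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=newsession; HttpOnly; Secure"},
                        {"name": "Content-Type", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "newsession"}],
                },
            }
        ],
    }
}

if __name__ == "__main__":
    print("leaks before scrub:", find_leaks(SAMPLE_HAR))
    clean_har = sanitize_har(SAMPLE_HAR)
    print("leaks after scrub: ", find_leaks(clean_har))
    print(json.dumps(clean_har, indent=2))
```

Usage: `python har_scrub.py` on the sample prints six leaks before the scrub and none after. For a real file, load it with `json.load`, pass the dict through `sanitize_har`, and only upload it once `find_leaks` returns an empty list. Redacting in place rather than deleting fields keeps the entry layout intact, so the support engineer can still see which headers and cookies were sent, just not their values.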

The City of Philadelphia reveals a data breach

The City of Philadelphia is investigating a data breach that occurred five months ago, in May. Officials detected suspicious activity in the City's email system on May 24, but the investigation revealed that threat actors may have retained access to emails in the compromised accounts for at least two months after that discovery. The information exposed includes names, addresses, dates of birth, medical information, Social Security numbers, and contact details of the affected individuals.

AmFam confirms a cyberattack

Insurance giant American Family Insurance (AmFam) confirmed a cyberattack that caused outages of its website, phone service, and bill payment, among other services. To contain the attack, the firm shut down portions of its IT systems. While the investigation is ongoing, the firm says there is no evidence that critical business systems or the systems that process and store customer data were compromised.

Update on DCBOE data breach

In a new update on the data breach, the District of Columbia Board of Elections (DCBOE) revealed that threat actors may have obtained access to the personal information of all registered voters in the District. The breach first came to light on October 5, after the RansomedVC ransomware gang posted the agency's name on its dark web leak site, claiming to have acquired over 600k lines of voter data.

Top Malware Reported in the Last 24 Hours

A new version of Grandoreiro detected

A new version of the Grandoreiro banking trojan, attributed to the threat actor tracked as TA2725, has been observed targeting banking users in Mexico and Spain. Previously, the malware was known for targeting banking users in Brazil and Mexico, so the latest activity indicates that the operators are expanding their reach. The new version was used in two campaigns between August 24 and 29. It steals credentials with overlays: fake windows drawn over the legitimate banking site that prompt the victim for login details.

Top Vulnerabilities Reported in the Last 24 Hours

Second zero-day vulnerability in Cisco discovered

The number of Cisco IOS XE devices found to be carrying a malicious implant has dropped sharply, from over 50,000 to only a few hundred. These devices were compromised by exploiting a zero-day vulnerability in the IOS XE web UI (CVE-2023-20198) that allows an unauthenticated remote attacker to create a privileged local account. Researchers believe the attackers have pushed an update to the implant so that it no longer answers the probes used by internet-wide scans, which hides the compromised devices rather than cleaning them; a device that has disappeared from scan results should not be assumed clean. Amid the drop, Cisco warned of a second zero-day (CVE-2023-20273) in the same software, a command injection flaw that is exploited after the first one to gain root privileges and install the Lua-based implant. Cisco has released software updates that address both flaws. Until a device is patched, the HTTP server feature (the web UI) should be disabled or restricted to trusted networks, and devices should be checked for the implant and for unexpected privileged local accounts.
