Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 25, 2021
The notorious Nobelium threat actor group is rising to prominence among criminal threat actors. Researchers have identified a new wave of supply chain attacks by the group targeting nearly 140 organizations. The campaign, which is said to have begun in May this year, was designed to breach the networks of cloud, managed, and IP service providers.
In other news, threat actors capitalized on the widespread popularity of Squid Game to spread the infamous Joker trojan. The malware was disguised as a wallpaper app with the same name on the Google Play Store to trick users. Amid all these scary threats, there’s a piece of good news for victims affected by BlackMatter ransomware. A decryptor for a version of the ransomware that was used between July and September is now available for free.
Top Breaches Reported in the Last 24 Hours
Nobelium strikes again
Microsoft warned that the Nobelium hacking group has targeted at least 140 cloud service providers, managed service providers, and other IT companies in supply chain attacks. The group relied on password spraying attacks, API abuse, and token theft to obtain account credentials and gain privileged access to victims’ systems.
Tesco’s website affected
Tesco’s website temporarily suffered an outage due to cyberattacks. This prevented customers from ordering or canceling deliveries. The retailer took immediate action to restore the site.
Database of 50 million records on sale
Threat actors are selling a database containing 50 million records of Moscow drivers on an underground forum for $800. The exposed data includes full names, dates of birth, phone numbers, license plate numbers, and VIN codes of individuals.
KT suffers a DDoS attack
South Korea-based telco KT had to temporarily shut down its network following a DDoS attack. During that time, users were unable to use credit cards, trade stocks, or access online apps. The firm is yet to establish the extent of the damage caused by the attack.
Top Malware Reported in the Last 24 Hours
Free decryption key for BlackMatter
Experts from Emsisoft have released a free decryption key for victims affected by BlackMatter ransomware. The decryptor can only decrypt files encrypted with BlackMatter versions used by attackers between July and September 2021. The decryption key has been created using a critical flaw discovered in the ransomware.
Joker malware returns
Joker malware returned to the Play Store disguised as a Squid Game-themed wallpaper app. The app was downloaded 5,000 times before Google removed it. The malware is designed to steal users’ precious data.
Top Vulnerabilities Reported in the Last 24 Hours
Discourse RCE flaw
A critical Discourse remote code execution flaw, tracked as CVE-2021-41163, was fixed recently. The flaw affects versions prior to 2.7.8 and has been addressed in the versions above 2.7.9. Additionally, CISA has published an alert about the flaw, urging forum admins to update to the latest available version to prevent attacks.
Cisco fixes SD-WAN flaw
Cisco has fixed an OS command-injection flaw, tracked as CVE-2021-1529, with the release of a new version of its SD-WAN solution. The flaw can allow attackers to escalate privileges and execute arbitrary code on affected systems.
A critical flaw in Polygon fixed
A critical flaw fixed in Polygon’s Plasma Bridge could have allowed a malicious user to submit the same withdrawal transactions 224 times using different exit IDs. The flaw exists in the manner in which Polygon’s WithdrawManager checks the inclusion and uniqueness of the burn transaction.