We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Sep 28, 2022

A new threat has emerged in the form of NullMixer. Security experts say it is “less of a stealthy threat now and more of a catastrophic encounter.” The malware dropper practices black hat SEO techniques to trick users into accessing fake game cracks and pirated software. Speaking of malware, Lockbit 3.0 builder spillage has started showing consequences. The Bl00dy ransomware group was found using the builder to target a Ukrainian organization.

Chrome 106 is out. Hackers have addressed several high to low severity vulnerabilities affecting browser components. There were a majority of use-after-free bugs that could lead to arbitrary code execution, DoS condition, or data corruption.

Top Breaches Reported in the Last 24 Hours

Black Basta breaches Elbit Systems

A U.S. subsidiary of Elbit Systems confirmed suffering a ransomware attack, months after the Black Basta ransomware group listed it on its leak site as one of its victims. The data compromised included employee names, addresses, SSNs, dates of birth, direct deposit information, and ethnicity. However, documents shared by the attackers as proof of the hack contained confidentiality agreements, an audit report, and a payroll report.

Healthcare services organization spills data

West Virginia-based Physician’s Business Office notified 196,573 individuals about a breach that exposed their personal data and Protected Health Information (PHI). Hackers could have accessed patient names, SSNs, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details.

Top Malware Reported in the Last 24 Hours

Leaked Lockbit builder is in use

The Bl00dy ransomware group has become the first reported group that used the Lockbit 3.0 builder, which was leaked last week. It came to light after hackers used a new encryptor against a Ukrainian organization. It took a while for researchers to identify the ransomware involved in the attack as initial characteristics resembled Conti or LockBit.

Potential malware dropper in the foray

Kaspersky uncovered a new malware dubbed NullMixer targeting Windows users in the U.S, Germany, France, Italy, India, Turkey, Russia, Brazil, and Egypt. NullMixer acts as an infection funnel that leads to the deployment of over a dozen malware families. Its operators attempt to lure users with fake game cheats and software cracks by pushing fraudulent search results on Google.

Top Vulnerabilities Reported in the Last 24 Hours

Chrome 106 patch out

Google released Chrome 106 to the stable channel with patches for 20 vulnerabilities. Five bugs were rated high severity, eight as medium severity, and three as low severity and nearly half of these were use-after-free bugs. High severity use-after-free flaws concern browser components CSS, Survey, and Media. Three medium severity use-after-free flaws impact other Chrome components, namely Assistant, Import, and Logging.

Related Threat Briefings