Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 12, 2018
Top Malware Reported in the Last 24 Hours
Kronos/Osiris
Security researchers have discovered a new variant of the Kronos banking trojan, tracked as Osiris. The variant is already being used in three separate campaigns targeting Germany, Poland, and Japan. New capabilities include command and control (C2) over the Tor network, keylogging, and remote control via VNC, alongside the older form-grabbing and web-injection functionality. Meanwhile, the Kronos source code is reportedly being sold on the dark web for $7,000.
Lazarus backdoor
The prolific North Korean APT group Lazarus is continuing its barrage of attacks, despite the recent charges brought by the US Department of Justice against a member of the group. The group has been observed using command-line backdoors and installers. More recent wiper samples attributed to Lazarus also include command-line versions of its wiper tools. These wipers appear designed to erase traces of the attacker's activity once a campaign is complete, leaving as little evidence as possible. Researchers warn that the group is becoming bolder and tightening its operational security in order to sustain its cyber espionage operations.
Top Breaches Reported in the Last 24 Hours
FreshMenu
India-based food delivery platform FreshMenu suffered a data breach in July 2016. The breach exposed personal data of over 110,000 customers. The exposed data includes customers' names, email addresses, phone numbers, home addresses, and order histories. It is currently not known whether any customer payment information was leaked from FreshMenu's database.
FreshMenu acknowledged that it had already been aware of the breach, but said it had decided not to notify the affected customers.
Veeam data leak
Veeam, the data backup and recovery firm, inadvertently exposed over 200 GB of customer records stored in an unsecured database. The exposed data included names, email addresses, and some IP addresses, amounting to more than 400 million records containing customer email addresses. Fortunately, the database, which required no authentication to access, was secured shortly after Veeam was notified of the exposure.