Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 17, 2020

The source code of Cerberus, one of the most dangerous trojans, has been released on underground hacking forums following a failed auction. The leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector at large.

The past 24 hours also witnessed a ransomware attack on University Hospital New Jersey (UHNJ). The attack was carried out by SunCrypt ransomware attackers who stole around 240 GB of data from the organization, 1.7 GB of which was leaked on the website.

Moreover, researchers discovered that the Mozi botnet accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020.

Top Breaches Reported in the Last 24 Hours

UHNJ hit by ransomware

University Hospital New Jersey (UHNJ) has suffered a massive attack from SunCrypt ransomware that encrypted around 48,000 documents. Following the attack, the attackers stole around 240 GB of data, 1.7 GB of which has been leaked on the website. The leaked data includes patient information such as copies of driving licenses, Social Security Numbers (SSNs), and dates of birth, as well as records about the Board of Directors.

Cyberattack on Quebec DoJ

The Quebec Department of Justice (DoJ) was hit by a cyberattack in which malicious actors used the Emotet trojan to infect 14 inboxes under the Department’s jurisdiction. As a result, the attackers were able to access the emails sent to these addresses.

Windeln.de data breached

A misconfigured Elasticsearch database exposed 882 GB worth of data from 70 dating and e-commerce sites before it was secured. The exposed data included invoices, full names, IP addresses, internal logs, phone numbers, email addresses, home addresses, and hashed passwords.

Artech Information Systems affected again

Artech Information Systems has been hit for the second time in nine months. This time, the firm has suffered an attack from Maze ransomware. Attackers deployed the ransomware three days after gaining unauthorized access to some of the company’s systems.

Top Malware Reported in the Last 24 Hours

Mozi botnet

Researchers discovered that the Mozi botnet accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020. The botnet’s capabilities include performing DDoS attacks, stealing data, and sending spam.

Source code of Cerberus trojan leaked

The source code of the Cerberus banking trojan has been released on underground hacking forums following a failed auction. The trojan is capable of conducting covert surveillance, intercepting communications, tampering with device functionality, and stealing data.

Top Vulnerabilities Reported in the Last 24 Hours

h2c smuggling

Security researchers have discovered a new type of HTTP request smuggling attack called ‘h2c smuggling’. It can be used to bypass security controls by slipping in malicious web requests alongside legitimate ones. The attack occurs when a hacker uses h2c to send requests to an intermediary server; those requests can then evade the server access controls.

Top Scams Reported in the Last 24 Hours

Fake Zoom alerts

Taiwan’s CERT detected cybercrooks impersonating medical authorities to attack the country’s tech industry during the early stages of the COVID pandemic. The spoofed organizations include the World Health Organization and America’s Centers for Disease Control. Phishers also targeted the National Health Commission that existed in mainland China.
