Cyware Weekly Threat Intelligence - December 11–15

Weekly Threat Briefing • December 15, 2023
As the cyber threat landscape continues to grow grim, proactive measures are being taken to mitigate potential impacts. Amid the surge in software supply chain attacks, U.S. government agencies have issued guidance for the safe use of SBOMs and open-source repositories. Separately, MITRE launched a new threat model framework, named EMB3D, to address threats against OT and ICS.
Database security is back in the limelight as DonorView and Dubai Taxi Company were found leaking a trove of sensitive data from their databases. Meanwhile, several top institutions and firms, such as Kyivstar, Toyota Financial Services, and Americold, fell victim to cyberattacks.
This week, Lazarus and Fancy Bear expanded their malware arsenals to target more organizations. While Lazarus introduced three pieces of DLang-based malware, Fancy Bear was linked to the use of the custom HeadLace backdoor. In addition, SOHO routers came under attack by the operators of KV-Botnet, and NKAbuse emerged as the first-ever malware to abuse the NKN blockchain.