Cyware Weekly Threat Intelligence - March 4–8

Weekly Threat Briefing • March 8, 2019
Weekly Threat Briefing • March 8, 2019
The Good
We’re back with the most interesting threat intel of the week. Before getting into the cyberattacks and new threats, lets first acknowledge all the positive events that occurred over the past week. National Security Agency has announced its cybersecurity tool ‘Ghidra’ as an open-source offering. World Wide Web Consortium has approved the WebAuthn API. Meanwhile, Singapore has proposed new guidelines for Technology Risk Management (TRM) and Business Continuity Management (BCM).
The Bad
In the past week, we witnessed several data breaches and massive cyber attacks. A security researcher detected almost 18 unprotected MongoDB databases that contained social services related data. Wolverine Solution Group suffered a ransom attack impacting nearly 700 healthcare centers. In the meantime, hackers defaced multiple Israeli webpages with the words ‘Jerusalem is the capital of Palestine’.
New Threats
Several new malware, vulnerabilities, and ransomware were discovered over the past week. Researchers detected a new variant of the GarrantyDecrypt ransomware that pretends to be the security team for Proton technologies. Almost 19 zero-day vulnerabilities were detected in 5 visitor management systems. Last but not least, a new Ransomware as a Service (RaaS) ‘Jokeroo’ has been promoted in the underground hacking forum.