Cyware Daily Threat Intelligence, December 19, 2022

Fake websites that disguise malware delivery are among the most common tactics of cyber adversaries. A threat group was found running campaigns that infect victims with DarkTortilla; for now, it lures users to the fake sites via spam email and online ads. In another headline from the weekend, the Samba Team shipped security updates that close holes across multiple versions of its free software implementation of the SMB protocol. Attackers abusing these flaws could take control of affected systems.

It’s alive and kicking! The Glupteba botnet, which Google disrupted in 2021, is still active. Recent reports indicate that it hides its C&C domains on the Bitcoin blockchain, and that its operators needed only about six months after the disruption to launch a new campaign.

Top Breaches Reported in the Last 24 Hours

Australia’s fire and rescue service targeted
Cybercriminals knocked the website of Fire Rescue Victoria (FRV), Australia, offline and disrupted most of its systems, including its network, email, and dispatch infrastructure. The nature of the attack is unclear, but it is suspected to be ransomware. FRV operates 85 fire and rescue stations across the state and has urged the community to keep calling Triple Zero (000) as usual.

BlackCat cripples energy firm
Colombian energy company Empresas Públicas de Medellín (EPM), which provides services to 123 municipalities, appears to have fallen victim to a BlackCat/ALPHV ransomware attack. According to security experts, the group allegedly stole various types of data, including corporate data.

Major breach at SevenRooms
After stolen data surfaced on a hacking forum, SevenRooms, a restaurant customer management platform, disclosed a network intrusion. On the forum, the attackers claimed to have extracted 427 GB of data comprising thousands of files. The company stated that no credit card or bank account data, SSNs, or other highly sensitive information was exposed.

Cyberattack hits top insurance firm
New Zealand’s largest insurer of medical and non-medical professionals, Medical Assurance Society, warned members that their personal data may have been exposed, though it has not confirmed that any data was compromised. The breach originated at one of its third-party service providers.

Top Malware Reported in the Last 24 Hours

Phishing campaign drops DarkTortilla
Security analysts at Cyble observed two phishing sites impersonating Grammarly and Cisco that distribute the DarkTortilla malware. DarkTortilla can load additional RAT and stealer payloads, such as Agent Tesla, AsyncRAT, and NanoCore, onto an infected system. The complex .NET-based malware has been active since 2015.

Glupteba botnet is alive
Experts at Nozomi Networks reported an ongoing Glupteba botnet campaign that started in June 2022, about a year after Google claimed to have dismantled the botnet’s infrastructure. Glupteba operators store their C&C domains in Bitcoin transactions, which cannot be removed from the blockchain and can be updated by the operators at any time, making the botnet resilient to domain takedowns. It took the cybercriminals roughly six months to build the new campaign.
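The briefing only says the domains are "hidden on the blockchain". The mechanism, shown here as an added example that is not code from the Cyware page, Nozomi's report or any Glupteba sample, is the OP_RETURN output: a Bitcoin transaction output whose script starts with OP_RETURN carries arbitrary data instead of spendable coins. A bot ships with a wallet address it watches; to learn its current C2 domain it fetches that address's transactions and reads the OP_RETURN payload of the newest one. Seizing a domain changes nothing, because the operator simply publishes a new transaction. Real Glupteba payloads are encrypted with a key inside the sample; this example keeps them in plaintext so it runs on the standard library alone, and every transaction id, block height and domain below is constructed for the example.

```python
"""Added example (not from the Cyware briefing or any Glupteba sample):
extract OP_RETURN payloads from transaction outputs and emulate a bot's
"newest hostname wins" C2 update. Payloads are plaintext here; real
samples encrypt them. All sample data is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
OP_PUSHDATA4 = 0x4E

# RFC 1035-style hostname: dotted labels, letters-only TLD, 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


@dataclass
class TxOut:
    txid: str             # transaction id (constructed, not real)
    height: int           # block height, used for "newest wins" ordering
    script_pubkey: bytes  # raw output script


def op_return_script(payload: bytes) -> bytes:
    """Build a standard OP_RETURN scriptPubKey: OP_RETURN <push payload>.
    Used to construct sample outputs the way a wallet would encode them."""
    n = len(payload)
    if n < OP_PUSHDATA1:                      # 1..75 bytes: opcode is the length
        push = bytes([n])
    elif n <= 0xFF:
        push = bytes([OP_PUSHDATA1, n])
    elif n <= 0xFFFF:
        push = bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little")
    else:
        raise ValueError("payload too large for this example")
    return bytes([OP_RETURN]) + push + payload


def extract_op_return(script: bytes) -> Optional[bytes]:
    """Return the data pushed after OP_RETURN, or None when the script is
    not an OP_RETURN output or the push is malformed or truncated."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    op = script[1]
    if 1 <= op < OP_PUSHDATA1:                # direct push, length in the opcode
        length, start = op, 2
    elif op == OP_PUSHDATA1 and len(script) >= 3:
        length, start = script[2], 3
    elif op == OP_PUSHDATA2 and len(script) >= 4:
        length, start = int.from_bytes(script[2:4], "little"), 4
    elif op == OP_PUSHDATA4 and len(script) >= 6:
        length, start = int.from_bytes(script[2:6], "little"), 6
    else:
        return None
    data = script[start:start + length]
    return data if len(data) == length else None


def latest_c2_domain(outputs: List[TxOut]) -> Optional[str]:
    """Emulate the bot's update logic: walk the watched address's outputs
    newest first and return the first OP_RETURN payload that decodes to a
    hostname. Non-OP_RETURN outputs and payloads that are not hostnames
    (other protocols' data, a botched transaction) are skipped."""
    for out in sorted(outputs, key=lambda o: o.height, reverse=True):
        data = extract_op_return(out.script_pubkey)
        if data is None:
            continue
        try:
            text = data.decode("ascii").strip().lower()
        except UnicodeDecodeError:
            continue
        if HOSTNAME_RE.match(text):
            return text
    return None


# Constructed outputs "sent from" the wallet hardcoded in the bot.
SAMPLE_OUTPUTS = [
    TxOut("tx-a", 700000, op_return_script(b"c2-old.example.net")),        # first domain
    TxOut("tx-b", 700050, bytes.fromhex("76a914" + "00" * 20 + "88ac")),   # P2PKH, ignored
    TxOut("tx-c", 700100, op_return_script(b"c2-new.example.net")),        # rotated domain
    TxOut("tx-d", 700200, op_return_script(b"\xff\x01\x02")),               # not a hostname
]

if __name__ == "__main__":
    print("current C2:", latest_c2_domain(SAMPLE_OUTPUTS))  # c2-new.example.net
```

The same walk, run over a suspect wallet's full history instead of stopping at the newest hostname, is how a defender enumerates every domain the operators have ever published, which is the list a takedown or sinkhole has to cover.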

Top Vulnerabilities Reported in the Last 24 Hours

Multiple vulnerabilities in Samba
Samba, a free software reimplementation of the SMB networking protocol that runs on most Unix-like systems, rolled out updates to patch vulnerabilities that could be abused to take control of affected systems. The current round of updates fixes CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141. All four lie in Samba’s Kerberos and Netlogon (secure channel) handling, so Active Directory domain controllers and domain members are the deployments most affected.
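The briefing lists the CVEs without the smb.conf parameters the Samba advisories turn on. As an added example (not Samba's code or the Samba Team's guidance), here is a small audit that reads a configuration's [global] section and flags the weak-crypto switches left in the unsafe state. The parameter names are real Samba options; pairing each with a CVE follows my reading of the Samba release notes for CVE-2022-38023 and CVE-2022-37966 and should be verified against the advisory for your version, as should the build defaults that apply when a parameter is absent. The check does not cover CVE-2022-37967 or CVE-2022-45141. Both smb.conf excerpts are constructed for the example.

```python
"""Added example (not Samba's code): audit an smb.conf [global] section for
weak-crypto switches tied to Samba's December 2022 fixes. CVE mapping is the
author's reading of the Samba advisories; verify for your version. Both
configs below are constructed, not taken from a real host."""
from typing import Dict, List, Optional

# (parameter, hardened value, advisory it relates to)
CHECKS = [
    ("reject md5 clients", True, "CVE-2022-38023"),            # refuse RC4/HMAC-MD5 Netlogon clients
    ("server schannel", True, "CVE-2022-38023"),               # secure channel must be on at all
    ("server schannel require seal", True, "CVE-2022-38023"),  # require sealed Netlogon calls
    ("allow nt4 crypto", False, "CVE-2022-38023"),             # no NT4-era Netlogon crypto
    ("kdc force enable rc4 weak session keys", False, "CVE-2022-37966"),  # no RC4 session keys
]

# Constructed: a DC that kept legacy settings "for old clients".
WEAK_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    # legacy settings kept for old clients
    reject md5 clients = no
    server schannel require seal = no
    kdc force enable rc4 weak session keys = yes
"""

# Constructed: the same DC with the switches in their hardened state.
HARDENED_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    reject md5 clients = yes
    server schannel = yes
    server schannel require seal = yes
    allow nt4 crypto = no
    kdc force enable rc4 weak session keys = no
"""


def normalize(name: str) -> str:
    """Samba matches parameter names case-insensitively and ignores spaces."""
    return "".join(name.lower().split())


def samba_bool(value: str) -> Optional[bool]:
    """Samba boolean syntax: yes/true/1 or no/false/0; None if unrecognised."""
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    return None


def parse_global_section(text: str) -> Dict[str, str]:
    """Return normalized name -> raw value for the [global] section only;
    share sections and # or ; comment lines are skipped."""
    params: Dict[str, str] = {}
    in_global = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_global = line[1:-1].strip().lower() == "global"
            continue
        if in_global and "=" in line:
            key, value = line.split("=", 1)
            params[normalize(key)] = value.strip()
    return params


def audit_smb_conf(text: str) -> Dict[str, str]:
    """Map each checked parameter to ok / weak / invalid / unset.
    'unset' means the build default applies, which differs by version."""
    params = parse_global_section(text)
    results: Dict[str, str] = {}
    for name, hardened, _cve in CHECKS:
        raw = params.get(normalize(name))
        if raw is None:
            results[name] = "unset"
            continue
        parsed = samba_bool(raw)
        if parsed is None:
            results[name] = "invalid"
        else:
            results[name] = "ok" if parsed == hardened else "weak"
    return results


def weak_parameters(text: str) -> List[str]:
    """Parameters explicitly set to the unsafe value."""
    return [name for name, status in audit_smb_conf(text).items() if status == "weak"]


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(label, audit_smb_conf(conf))
```

Run it against the real file with `audit_smb_conf(open("/etc/samba/smb.conf").read())`; anything reported as `unset` is worth confirming with `testparm -v`, which prints the effective value the installed build uses.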

Posted on: December 19, 2022
