Cyware Daily Threat Intelligence, January 06, 2023


Threat actors have once again set their sights on the macOS platform through the new variant of the Dridex banking trojan. The malware authors deliver malicious documents—containing booby-trapped macros—via social engineering attacks. A trio of ransomware strains was also reported in the past 24 hours. IOCs of the three strains, dubbed Monti, BlackHunt, and Putin, have been detailed by FortiGuard Labs researchers.

Cross-Origin Resource Sharing (CORS) bugs have been addressed in Tesla’s IT infrastructure. CORS is a browser security protocol. Anyone exploiting the bug could have harvested data from Tesla’s internal network.

Top Breaches Reported in the Last 24 Hours


Hundreds of U.S. counties offline
Hundreds of local governments got the taste of the pen-and-paper era after a third-party breach at Cott Systems, a digital records management vendor. It helps counties manage government data including public records, court cases, and land records, while also processing marriage licenses and birth certificates.

Data breach at U.S. burger chain
Fast food restaurant chain Five Guys suffered a breach impacting the personal data of job applicants. Exposed information includes names, SSNs, and driver’s license numbers. No information was disclosed about whether the breach resulted from a ransomware attack or from someone pilfering the data through a mismanaged cloud storage instance.

Over a dozen U.K. schools impacted
Hackers appear to have leaked sensitive data from 14 schools in the U.K. The incident has impacted students' data such as SEN information reports, passport scans, and staff’s contract details and pay scales. It is alleged that the Vice Society ransomware group could be involved.

Top Malware Reported in the Last 24 Hours


Decryptor for MegaCortex out
Bitdefender released a decryptor for the MegaCortex ransomware family. The operators of the ransomware, arrested in October 2021, were responsible for nearly 1,800 infections. Other entities that participated in developing the decryptor include Europol, the NoMoreRansom Project, the Zürich Public Prosecutor's Office, and the Zürich Cantonal Police.

Monti, BlackHunt, Putin ransomware
FortiGuard Labs disclosed the discovery of Monti, BlackHunt, and Putin ransomware. Monti ransomware is mainly designed to encrypt files on Linux systems; however, Monti variants also work on Windows. BlackHunt relies on vulnerable Remote Desktop Protocol (RDP) configurations, whereas Putin is typical ransomware extorting money from victims.

Dridex sample targets macOS
A variant of Dridex banking malware surfaced to target macOS users. The malware now delivers maldocs with embedded macros to users without posing as invoices or other business-related files. Dridex is infamous as an information stealer that takes sensitive bank-related data from users.

Top Vulnerabilities Reported in the Last 24 Hours


Tesla addresses CORS misconfiguration
Electric car maker Tesla fixed Cross-Origin Resource Sharing (CORS) flaws that could let a hacker exfiltrate data from the carmaker’s internal network. CORS refers to a browser security mechanism that restricts scripts outside of a given domain. Truffle Security, which reported the bug, claimed that overly permissive configurations can invite cross-domain attacks.


Posted on: January 06, 2023

