Go to listing page

Cyware Daily Threat Intelligence, March 07, 2022

Cyware Daily Threat Intelligence, March 07, 2022

Share Blog Post

The relatively new Lapsus$ ransomware gang is on a big game hunt as it added another tech manufacturing giant to its list of victims. After Nvidia, Samsung has now confirmed the theft of source code related to Galaxy devices and other data by the same ransomware group. The confirmation came after cybercriminals published screenshots of nearly 190GB of the company's internal data.

Meanwhile, the Formbook infostealer is back in a new attack format that targets oil and gas companies. The threat actors behind the attack use phishing emails pretending to be from Saudi Aramco. In other updates, Mozilla has urged users to install the latest versions of Firefox that include patches for two critical vulnerabilities that are being exploited in the wild.

Top Breaches Reported in the Last 24 Hours

Adafruit discloses a data leak
Adafruit disclosed a data leak that occurred due to an unprotected GitHub repository. The company suspects this could have allowed unauthorized access to information about certain users listed before 2019. The compromised data may include names, email addresses, shipping addresses, and order details of users.

Samsung targeted
The Lapsus$ ransomware gang has reportedly targeted Samsung and stolen internal company data and source code for Galaxy devices. The group claimed responsibility by sharing screenshots of nearly 200GB of stolen data. Meanwhile, the firm has confirmed that no personal information of customers or employees is affected in the incident.

Data breach at Acro
A data breach at a Japan-based beauty product retailer Acro affected the details of more than 100,000 payment cards. The incident occurred as a result of the exploitation of a vulnerability in a third-party payment processing vendor. It affected the Three Cosmetics domain and Amplitude site.
The victims include anyone who made purchases on the two sites between May 21, 2020, and August 18, 2021.

Top Malware Reported in the Last 24 Hours

New Formbook campaign
A new Formbook campaign targeting oil and gas companies was spotted by researchers. The campaign was delivered via a targeted email that contained two attachments, one in the form of a PDF file and the other an Excel document. The email pretended to be from Saudi Aramco and asked receivers to provide an offer for refinery renovations that required a swift response.

Updates about SharkBot
Sharing light on the technical details of SharkBot, researchers revealed that the malware is distributed via the official Google Play Store. The main goal of the malware is to initiate money transfers from compromised devices. It makes use of the ‘Direct reply’ feature for notifications. 

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla addresses critical flaws
Mozilla urged Firefox users to install updates for two critical flaws that are being actively exploited. These use-after-free-memory flaws are tracked as CVE-2022-26485 and CVE-2022-26486. The flaws are addressed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0 and Focus 97.3.0. They are also fixed in Thunderbird 91.6.2.


lapsus ransomware gang
formbook info stealer

Posted on: March 07, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.