Go to listing page

Cyware Daily Threat Intelligence, November 04, 2020

Cyware Daily Threat Intelligence, November 04, 2020

Share Blog Post

The REvil ransomware gang has added another malware to its arsenal. The group, reportedly, acquired the source code for KPOT version 2.0 trojan in an auction last month. The trojan, first spotted in 2018, can extract and steal passwords from various apps on infected computers.

Besides, a new ransomware strain called RegretLocker has been found targeting Windows 10 and Windows Hyper-V virtual machines. It utilizes the Windows Restart Manager API to terminate processes or Windows services that keep a file open during encryption.

Amid all these threats, companies such as Google and Adobe made sure to patch security vulnerabilities with their latest updates. While Google issued 30 security patches for its Android operating system, Adobe fixed a total of 14 security flaws for different versions of Acrobat and Acrobat Reader.

Top Breaches Reported in the Last 24 Hours

Over 23,000 databases leaked
More than 23,000 hacked databases belonging to Cit0day have been made available for download on several hacking forums and Telegram channels. The databases contain usernames, email addresses, and even cleartext passwords of users. The site was launched in January 2018 and was shut down on September 14.

Folksam data breach
A data breach at Folksam has affected the personal data of 1 million Swedish customers. The exposed data includes various types of information, including social security numbers. After discovering the breach, the firm took immediate action to contain the breach.

Mattel discloses ransomware attack
The U.S. toymaker Mattel has revealed a ransomware attack that took place on July 28. This affected some business functions. Following the attack, the firm took a series of measures to restore impacted systems.

GrowDiaries suffers a breach
GrowDiaries, an online community for marijuana growers, has revealed a data breach after the company left two Kibana apps exposed on the internet. As a result, the apps granted attackers access to two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding over two million user data points.

Top Malware Reported in the Last 24 Hours

New RegretLocker ransomware
RegretLocker is a new ransomware strain that targets Windows 10 and Windows Hyper-V virtual machines. Discovered in October, the ransomware uses email for communication rather than a Tor payment site. It uses .mouse extension to append encrypted file names.

KPOT trojan code acquired
REvil ransomware gang has claimed to have acquired the source code of the KPOT 2.0 trojan in an auction last month. The sale was organized on a private underground hacking forum.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches 30 flaws
Google has issued patches for 30 vulnerabilities affecting the Android operating system. The most serious of these is CVE-2020-0449, which could allow attackers to execute code remotely. The issue impacts Android 8.0, 8.1, 9, 10, and 11. The other impacted vulnerabilities include Android runtime, Framework, Media Framework, and System components.

SaltStack releases patches
SaltStack has issued patches for vulnerabilities impacting Salt versions prior to 3002. The flaws are tracked as CVE-2020-16846, CVE-2020-25592, and CVE-2020-17490. Two of these are rated as high/critical and the other is rated low on the CVSS scale, respectively.

Adobe patches 14 flaws
Adobe has fixed a total of 14 security flaws in the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. Three of these flaws are rated Critical and are by use-after-free, heap buffer overflow, and out of bounds write bugs.


windows restart manager api
kpot 20
toy giant mattel
regretlocker ransomware

Posted on: November 04, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.