
Cyware Daily Threat Intelligence, April 04, 2024

New ransomware strains joined the cyber landscape: SEXi and Red CryptoApp. The former targeted a Chilean data center and hosting provider and demanded a hefty ransom, while the latter has its eye on multiple sectors in the U.S. Furthermore, researchers found Pikabot escalating its cyber warfare with a series of sophisticated campaigns targeting systems globally.

Progress Software has urgently issued patches for a critical vulnerability in its Flowmon network monitoring and security solution, rated with a CVSS score of 10. Along similar lines, Google addressed another Chrome zero-day vulnerability exploited at Pwn2Own 2024; Palo Alto Networks researchers demonstrated that it could be used for heap corruption.

Top Malware Reported in the Last 24 Hours


Attackers launch “wall of shame”
Netenrich researchers have identified a new ransomware group called Red CryptoApp, employing a unique tactic of publicly shaming victims on a "wall of shame" to coerce ransom payments. While the origins of the operators are still unclear, experts underlined similarities with the Maze ransomware group. The ransomware targets various industries globally, with a primary focus on the U.S.

New malware resembles IcedID
Researchers uncovered a new malware named Latrodectus, initially observed in late November 2023. The malware saw increased usage in email threat campaigns throughout February and March 2024. Though it bears a resemblance to IcedID, Latrodectus has been confirmed as a distinct malware. It is primarily utilized by initial access brokers to download payloads and execute arbitrary commands. Its distribution was attributed to threat actors TA577 and TA578.

New SEXi ransomware claims victim
A new ransomware group dubbed SEXi targeted Chilean data center and hosting provider IxMetro PowerHost. The attack crippled the company's VMware ESXi servers and backups, leaving customers' websites and services inaccessible. The threat actors demanded an exorbitant ransom of two bitcoins per victim, totaling approximately $140 million. The ransomware was identified by its .SEXi extension.

Pikabot unleashes new campaign
Recent Pikabot activity has revealed its adaptive tactics, which use various file types such as HTML, JavaScript, and Excel to get past security defenses. Relying on meticulously crafted email spam campaigns, Pikabot targets victims through geographically tailored lures. Its multifaceted approach exploits vulnerabilities and user trust, exemplifying the evolving landscape of cyber threats.

Top Vulnerabilities Reported in the Last 24 Hours


Critical flaw found in network monitoring solution
Progress Software issued patches for a high-severity vulnerability (CVE-2024-2389) in its Flowmon network monitoring and security solution. The flaw allowed unauthenticated attackers to execute arbitrary system commands via the platform’s web interface. Attackers could potentially exfiltrate sensitive network configuration details, posing additional threats. The vulnerability affects Flowmon versions 11.x and 12.x.

White-hat hackers uncover Chrome zero-day
Google fixed a zero-day vulnerability, tracked as CVE-2024-3159, in its Chrome browser that was exploited during the Pwn2Own hacking competition last month. Researchers from Palo Alto Networks discovered that the flaw allowed for out-of-bounds memory access in the V8 JavaScript engine, potentially leading to data disclosure or crashes. The update also addresses other high-severity issues reported by security researchers.

Posted on: April 04, 2024

