
Cyware Daily Threat Intelligence, February 06, 2023


Threats surrounding VMware ESXi servers have multiplied. At least two ransomware families, Royal Ransomware and ESXiArgs, have been found attacking the servers; the latter exploits an old VMware flaw, CVE-2021-21974. Meanwhile, VMware has patched a high-severity Workstation vulnerability reported by the German cybersecurity firm Cirosec. Successful exploitation allows a local user to delete arbitrary files from the file system.

Moving on! Brazilian financial institutions have been warned of a new Android banking trojan known as PixPirate. The malware automates the insertion of a fraudulent money transfer over Pix, Brazil's instant payment platform.

Top Breaches Reported in the Last 24 Hours

Healthcare system off the grid
Following a hack, Tallahassee Memorial HealthCare (TMH), Florida, has shut down its IT infrastructure and halted non-emergency operations. TMH did not provide details about the cyberattack. It added that patients will be diverted to other hospitals and it will only accept Level 1 traumas from its immediate service area.

PeopleConnect in the fray
The parent company of background checking services TruthFinder and Instant Checkmate, PeopleConnect, suffered a data breach. The incident exposed a 2019 backup database holding the personal data of about 20.22 million users of the services. Those who utilized the services up to April 16, 2019, apparently had their data stolen by hackers.

Biggest freight business under the scanner
India’s largest truck brokerage and freight delivery business, FR8, is dealing with a significant data exposure. Cybersecurity firm FlashStart discovered a 140 GB database server that is freely accessible to anyone, with no password or other verification. Besides individuals' personal information, the exposed data includes customer records, invoices, and payment information.

Cyberattack on Switzerland’s largest university
Switzerland’s University of Zurich fell victim to a potential cyberattack. While its phone line to the press office is working, the attack has rendered its website inaccessible. The incident comes to light after several other attacks on German-speaking institutions in the past few weeks.

Canadian mortgage firm blurts out data
Security researcher Jeremiah Fowler discovered the PII of thousands of Canadian citizens spread over 717,814 records laid bare on an unprotected server, allegedly belonging to Canada-based 8Twelve Financial Technologies Inc. The data includes names, phone numbers, emails, physical addresses, and other information on house mortgage loans.

Top Malware Reported in the Last 24 Hours

PixPirate - a new banking trojan
A fresh Android banking trojan has emerged to target Brazilian financial institutions with the intention of defrauding them via the Pix payment system. Dubbed PixPirate by the Italian cybersecurity firm Cleafy, it belongs to the latest generation of Android banking threats, which allow an attacker to automatically insert a fraudulent money transfer over the payment network.

Royal Ransomware can now target Linux
Royal Ransomware is the latest ransomware to add capabilities for encrypting Linux devices, especially VMware ESXi VMs. It also supports a variety of command-line flags that give the ransomware's developers some degree of control over the encryption procedure. With this, it has joined the likes of Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, RansomEXX, and Hive.

Top Vulnerabilities Reported in the Last 24 Hours

Ransomware exploits ESXi server bug
VMware ESXi servers are being targeted by a widespread ransomware attack, according to the Italian National Cybersecurity Agency (ACN). Attackers are attempting to exploit CVE-2021-21974, a heap-overflow flaw in the OpenSLP service of ESXi servers. France was the target of the majority of attacks, followed by Finland, North America, Canada, and the U.S.

Fixing a Workstation flaw
VMware has patched a Workstation vulnerability that could be used by malicious actors to escalate privileges. The high-severity vulnerability is tracked as CVE-2023-20854 and affects Workstation for Windows versions 17.x and earlier. By abusing the flaw, a malicious actor with local user access could delete files from the computer's file system.

Binwalk security tool poses threats
Binwalk is a popular command-line utility, widely used on Linux, for examining, decoding, and extracting firmware images. Users running outdated versions of the tool are at risk from a path traversal vulnerability in its extraction logic that could result in remote code execution when a crafted image is analyzed. The vulnerability is tracked as CVE-2022-4510 and is rated high severity.
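The defensive pattern behind a path traversal bug in an extraction tool is always the same: an archive or firmware image supplies member names, and the extractor must refuse any name that would land outside its destination directory. The following is an added example, not Binwalk's own code and not the patch for CVE-2022-4510; it assumes a generic extractor that receives member names and bytes, and the sample entry names are constructed for illustration. It performs a lexical containment check before any file is created and a second, filesystem-level check after parent directories exist, so that a symlink created by an earlier entry cannot redirect a later write.

```python
import os
import tempfile
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample member names, as an extractor might read them from an
# untrusted image. Three are benign, three attempt to escape the destination.
SAMPLE_ENTRIES = [
    "bin/busybox",
    "etc/config.txt",
    "../../outside.txt",
    "/absolute/path.txt",
    "lib/../../escape.so",
    "ok/./nested/../file",
]


def safe_target(member_name: str, dest_dir: str) -> Optional[str]:
    """Return the absolute on-disk path for member_name inside dest_dir,
    or None if the name would resolve outside dest_dir (path traversal)."""
    if not member_name:
        return None
    dest_abs = os.path.abspath(dest_dir)
    # An absolute member name ignores dest_dir entirely; never accept it.
    if os.path.isabs(member_name):
        return None
    # Lexical normalisation collapses "." and ".." without touching the filesystem.
    target = os.path.normpath(os.path.join(dest_abs, member_name))
    # commonpath() compares whole components, so "out" and "out2" do not
    # falsely match the way a plain string-prefix test would.
    if os.path.commonpath([dest_abs, target]) != dest_abs or target == dest_abs:
        return None
    return target


def partition_entries(names: Iterable[str], dest_dir: str) -> Tuple[List[str], List[str]]:
    """Split member names into (accepted, rejected) without writing anything."""
    accepted, rejected = [], []
    for name in names:
        (accepted if safe_target(name, dest_dir) else rejected).append(name)
    return accepted, rejected


def extract_entries(entries: Dict[str, bytes], dest_dir: str) -> List[str]:
    """Write each name -> bytes entry under dest_dir, skipping unsafe names.
    Returns the absolute paths that were written."""
    dest_real = os.path.realpath(dest_dir)
    written = []
    for name, data in entries.items():
        target = safe_target(name, dest_dir)
        if target is None:
            continue  # would escape dest_dir; skip and keep going
        parent = os.path.dirname(target)
        os.makedirs(parent, exist_ok=True)
        # Second check at the filesystem level: if a previous entry planted a
        # symlink inside dest_dir, the real parent could now point elsewhere.
        if os.path.commonpath([dest_real, os.path.realpath(parent)]) != dest_real:
            continue
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(target)
    return written


def demo_extract() -> List[str]:
    """Extract the constructed sample into a temporary directory and return
    the relative paths that were actually written, sorted."""
    entries = {name: b"sample" for name in SAMPLE_ENTRIES}
    with tempfile.TemporaryDirectory() as tmp:
        written = extract_entries(entries, tmp)
        return sorted(os.path.relpath(p, tmp) for p in written)


if __name__ == "__main__":
    ok, bad = partition_entries(SAMPLE_ENTRIES, "extracted")
    print("accepted:", ok)
    print("rejected:", bad)
    print("written:", demo_extract())
```

The lexical check alone is what most traversal fixes consist of; the `realpath` check after `makedirs` is the extra step worth keeping, because an image that first drops a symlink and then a file "under" it defeats a purely string-based test.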


Posted on: February 06, 2023
