Go to listing page

Cyware Daily Threat Intelligence, March 16, 2023

Cyware Daily Threat Intelligence, March 16, 2023

Share Blog Post

Alert! A joint advisory by the U.S. cyber agencies warned against a critical bug in Progress Telerik that led to an RCE attack on a federal civilian executive branch (FCEB) agency's IIS server. Praying Mantis and Vietnamese XE Group have abused the bug, revealed officials. Another bug update that made headlines is a sensitive security hole concerning Adobe ColdFusion, which the CISA has added to its KEV catalog. Security analysts confirmed that the vulnerability has been exploited in the wild in a few attacks.

Moreover, researchers laid bare an attack campaign aimed at high-profile state targets and telecom firms in Europe and other countries supporting Ukraine since the Russian invasion. It specifically uses the Aperetif malware, which brings several destructive capabilities along.

Top Breaches Reported in the Last 24 Hours

Health data of millions compromised
Florida-based Independent Living Systems revealed a breach incident from last year that affected more than 4.2 million individuals. Earlier, it was incidentally reported as a hack event that affected just 501 individuals. Reporting it to HHS OCR on time would have made the incident rank as the largest single known health security breach in 2022. The breach affected financial information and treatment and diagnosis data, besides personal details.

Office supplies distributor targeted
An alleged ransomware attack by the LockBit group on Essendant, a U.S.-based wholesale distributor of office supplies, has disrupted employees' work. Previously, the company only declared the incident as an "outage" and claimed that customers weren’t able to place orders or reach out to customer care for the same reason.

Sensitive data exposed by a financial lender
Latitude Finance, a consumer finance provider, disclosed a major cyberattack that resulted in the theft of identification documents of nearly 328,000 customers. Additionally, approximately 100,000 customers' driver's license information was also stolen. The lender offers its services to top firms, including Harvey Norman, JB Hi-Fi, The Good Guys, and Apple. 

Top Malware Reported in the Last 24 Hours

Aperetif by Winter Vivern
A new cybercriminal group, named Winter Vivern, was spotted targeting European government organizations and telecoms service providers with a payload dubbed Aperetif. The malware is hosted on compromised WordPress websites, which are commonly used for malware distribution campaigns. The Aperetif malware can automate file scanning and exfiltration process, take screenshots, and perform other harmful actions.

Brazilian banks have new enemy
GoatRAT has surfaced as a new Android banking trojan threat against Brazilian banks to abuse Pix, a relatively new automated payment system in Latin America. The malware can make instant unauthorized money transfers from compromised accounts by procuring the Pix key of the mobile devices. Experts say it was originally created as an Android remote administration tool. The malware has extraordinary hiding capability to evade detection.

FakeCalls - new vishing malware tool
Check Point Research found FakeCalls, a new Android vishing malware tool, targeting victims in South Korea by impersonating 20 leading financial institutions in the region. It lures victims with a fake loan form that would request users’ personal details and banking details including credit card numbers.

Top Vulnerabilities Reported in the Last 24 Hours

Old bug abuse in govt IIS server
Multiple threat groups were found abusing CVE-2023-26360, a high-severity three-year-old bug, in Progress Telerik to infiltrate an unnamed federal entity in the U.S. The successful exploitation of the bug allowed threat actors to remotely execute arbitrary code on an FCEB agency's Microsoft Internet Information Services (IIS) web server.

Adobe ColdFusion bug added to KEV
The Known Exploited Vulnerabilities (KEV) catalog of CISA has a fresh entry tracked as CVE-2023-26360. The bug lies in Adobe ColdFusion and affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). Note that the bug impacted ColdFusion 2016 and ColdFusion 11 installations too but the company no longer supports them as they reached end-of-life (EoL).

Top Scams Reported in the Last 24 Hours

SVB collapse and scams around it
Following the collapse of Silicon Valley Bank (SVB), security researchers from all around the world warned that threat actors are already registering suspicious domains, creating phishing pages, and planning for BEC attacks. Through bogus domains, threat actors request the personal information of individuals, such as their name, mobile number, email, and balance amount to process a claim. In BEC scams, some customers have reported receiving new non-SVB account details from their existing vendors to facilitate payments.


adobe coldfusion
lockbit group
independent living systems ils
progress telerik ui
latitude finance
winter vivern
brazilian banks

Posted on: March 16, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite