Cyware Daily Threat Intelligence, October 19, 2022

LockBit operators remain in the headlines: affiliates claim to have stolen 1.4TB of data from Kingfisher Insurance, and the firm has taken its network and devices offline to contain the attack. Among the ransomware strains that have emerged in recent months, researchers may have traced the origins of one. Ransom Cartel shares a range of TTPs with REvil, including its reliance on initial access brokers, its ransom note, and the structure of its encryptor configuration.

In other news, WordPress 6.0.3 patches 16 vulnerabilities. Most are stored and reflected cross-site scripting (XSS) bugs, alongside SQL injection, cross-site request forgery (CSRF), open redirect, and data exposure flaws that could be abused for different purposes.

Top Breaches Reported in the Last 24 Hours

France-based wine retailer hit by data breach
International fine wine retailer iDealwine has disclosed a data breach that may have exposed customers' personal data, including names, postal addresses, telephone numbers, and email addresses. Payment and card data are reported to be unaffected. Although customer passwords were stored in encrypted form, the firm still urges customers to change them as a precaution.

LockBit 3.0 claims attack on Kingfisher Insurance
Affiliates of the LockBit 3.0 operation claim to have exfiltrated 1.4TB of records from Kingfisher Insurance and one of its brands, First Insurance. The group alleges the stolen database includes personal information of both employees and customers. So far, the victim has confirmed only unauthorized access to Kingfisher's IT systems, not the volume or nature of any stolen data.

Top Malware Reported in the Last 24 Hours

Are Ransom Cartel and REvil connected?
Palo Alto Networks' Unit 42 has established links between the relatively new Ransom Cartel ransomware operation and the REvil ransomware gang. The malicious code used by the two groups shares multiple similarities. In their campaigns, both relied on initial access brokers to gain entry to victim networks before deploying ransomware. Moreover, the encryptors used by the two gangs show similarities in the structure of their configuration data.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress 6.0.3 update is out
The WordPress 6.0.3 release addresses 16 security flaws. Besides fixing open redirect, cross-site request forgery (CSRF), data exposure, and SQL injection bugs, it patches nine stored and reflected cross-site scripting (XSS) vulnerabilities. Sites with automatic background updates enabled receive the fix without manual action; administrators of sites that disable background updates should apply it manually and confirm the installed version afterward.

Top Scams Reported in the Last 24 Hours

Scammers impersonate U.S. officials
INKY researchers documented an email-based phishing campaign whose PDF attachment renders as a letter from the U.S. Social Security Administration (SSA). The attackers threaten recipients with claims of fraudulent activity tied to their Social Security numbers and provide a phone number to "resolve" the issue. The campaign's goal appears to be credential harvesting.


Posted on: October 19, 2022