Go to listing page

Cyware Daily Threat Intelligence, September 28, 2022

Cyware Daily Threat Intelligence, September 28, 2022

Share Blog Post

A new threat has emerged in the form of NullMixer. Security experts say it is “less of a stealthy threat now and more of a catastrophic encounter.” The malware dropper practices black hat SEO techniques to trick users into accessing fake game cracks and pirated software. Speaking of malware, Lockbit 3.0 builder spillage has started showing consequences. The Bl00dy ransomware group was found using the builder to target a Ukrainian organization. 

Chrome 106 is out. Hackers have addressed several high to low severity vulnerabilities affecting browser components. There were a majority of use-after-free bugs that could lead to arbitrary code execution, DoS condition, or data corruption.

Top Breaches Reported in the Last 24 Hours

Black Basta breaches Elbit Systems
A U.S. subsidiary of Elbit Systems confirmed suffering a ransomware attack, months after the Black Basta ransomware group listed it on its leak site as one of its victims. The data compromised included employee names, addresses, SSNs, dates of birth, direct deposit information, and ethnicity. However, documents shared by the attackers as proof of the hack contained confidentiality agreements, an audit report, and a payroll report.

Healthcare services organization spills data
West Virginia-based Physician’s Business Office notified 196,573 individuals about a breach that exposed their personal data and Protected Health Information (PHI). Hackers could have accessed patient names, SSNs, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details.

Top Malware Reported in the Last 24 Hours

Leaked Lockbit builder is in use
The Bl00dy ransomware group has become the first reported group that used the Lockbit 3.0 builder, which was leaked last week. It came to light after hackers used a new encryptor against a Ukrainian organization. It took a while for researchers to identify the ransomware involved in the attack as initial characteristics resembled Conti or LockBit.

Potential malware dropper in the foray
Kaspersky uncovered a new malware dubbed NullMixer targeting Windows users in the U.S, Germany, France, Italy, India, Turkey, Russia, Brazil, and Egypt. NullMixer acts as an infection funnel that leads to the deployment of over a dozen malware families. Its operators attempt to lure users with fake game cheats and software cracks by pushing fraudulent search results on Google.

Top Vulnerabilities Reported in the Last 24 Hours

Chrome 106 patch out
Google released Chrome 106 to the stable channel with patches for 20 vulnerabilities. Five bugs were rated high severity, eight as medium severity, and three as low severity and nearly half of these were use-after-free bugs. High severity use-after-free flaws concern browser components CSS, Survey, and Media. Three medium severity use-after-free flaws impact other Chrome components, namely Assistant, Import, and Logging.


bl00dy ransomware
use after free issue
chrome 106
black basta ransomware
physicians business office
elbit systems

Posted on: September 28, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite