December 8, 2023

Welcome to TheCyberThrone's cybersecurity month in review, covering the important security happenings of the period. This review is for the month ending April 2023.

Subscribers favorite #1

CISA Warns of Vulnerabilities in ICS and SCADA Software

The US CISA published seven advisories last week covering vulnerabilities in ICS and SCADA software from multiple vendors. Some of the flaws are rated critical, and two of them already have public exploits. The affected products include:

  • Scadaflex II controllers made by Industrial Control Links
  • Screen Creator Advance 2 and Kostac PLC programming software from JTEKT Electronics
  • Korenix JetWave industrial wireless access points and communications gateways
  • Hitachi Energy’s MicroSCADA System Data Manager SDM600
  • mySCADA myPRO software
  • Rockwell Automation’s FactoryTalk Diagnostics

Subscribers favorite #2

LockBit 3.0 Victimizes Fullerton India

The LockBit ransomware group claimed to have stolen critical data from Fullerton India, an Indian financial solutions company offering clients a wide range of services. According to our investigation, the group claims to have taken about 600 GB of company data from the firm in a successful intrusion.

LockBit says the stolen data include loan agreements with individuals and legal entities, customer status and organisational accounts, agreements with financial institutions, data on international transfers, financial documents, mail correspondence on important transactions with attachments, customers' personal information, and other material it did not reveal.


Subscribers favorite #3

Rorschach Ransomware Dissection

Researchers have spotted threat actors deploying a new ransomware strain, dubbed Rorschach, using the Palo Alto Cortex XDR Dump Service Tool, a component of a commercial security product.

Unlike other ransomware cases, the threat actor did not hide behind any alias and appears to have no affiliation with any of the known ransomware groups. Those two facts, rarities in the ransomware ecosystem, piqued the interest of Check Point Research (CPR) and prompted its researchers to thoroughly analyze the newly discovered malware.

The ransomware is highly customizable and contains technically unique features, such as the use of direct syscalls, which are rarely observed in ransomware. Moreover, because of its implementation choices, Rorschach has one of the fastest encryption speeds observed in any ransomware.


Subscribers favorite #4

BlackCat Ransomware Affiliate Exploits Veritas Backup Exec Vulnerabilities

An affiliate of the BlackCat ransomware operation, tracked as UNC4466, is exploiting vulnerabilities in Veritas Backup Exec software to gain initial access to targeted networks.

Researchers observed UNC4466 exploiting the Veritas vulnerabilities in the wild since October 2022, following the release of a Metasploit module that exploits them.

More than 8,500 IP addresses still expose the Symantec/Veritas Backup Exec NDMP service on ports 9000 and 10001 and on the default port 10000, and many of these could be vulnerable to this attack. The three vulnerabilities involved are:

  • CVE-2021-27876: arbitrary file access flaw
  • CVE-2021-27877: remote unauthorized access
  • CVE-2021-27878: arbitrary command execution flaw

These are the vulnerabilities the attackers abused. Veritas disclosed them in March 2021 and released a fix in version 21.2.
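The practical defender question this section raises is which Backup Exec hosts still need attention: those below the fixed version 21.2 the review cites, and those still exposing the NDMP service on the ports it names. The script below is an added example, not code from TheCyberThrone, Veritas or any of the researchers mentioned; the `Host` record, the `triage()` function, the product-name matching on "Backup Exec" and the inventory entries (private addresses and version strings) are all constructed for illustration, so an asset inventory export would be mapped into `Host` records before use.

```python
"""Triage a constructed Backup Exec asset inventory against the facts in the
review: fixed version 21.2, and NDMP exposure on ports 9000, 10000 and 10001.
Added example; the inventory format and helper names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

FIXED_VERSION = (21, 2)            # version in which Veritas shipped the fix
NDMP_PORTS = {9000, 10000, 10001}  # NDMP ports named in the review


@dataclass
class Host:
    ip: str
    product: str
    version: str
    open_ports: List[int] = field(default_factory=list)


def parse_version(v: str) -> Tuple[int, ...]:
    """'21.1.1200' -> (21, 1, 1200). Stops at the first non-numeric piece
    so build tags such as '21.1-hotfix' do not break the comparison."""
    parts: List[int] = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable_version(v: str) -> bool:
    """True when the installed version predates the 21.2 fix.
    Tuple comparison handles (21,) < (21, 2) and (21, 2, 1200) >= (21, 2)."""
    return parse_version(v) < FIXED_VERSION


def exposed_ndmp_ports(host: Host) -> List[int]:
    return sorted(p for p in host.open_ports if p in NDMP_PORTS)


def triage(inventory: List[Host]) -> List[Dict[str, object]]:
    """Return one finding per Backup Exec host that is unpatched, exposes
    NDMP, or both. Unpatched AND exposed is the highest priority because that
    is the combination the affiliate's initial-access activity relies on."""
    findings: List[Dict[str, object]] = []
    for h in inventory:
        if "backup exec" not in h.product.lower():  # assumed naming convention
            continue
        unpatched = is_vulnerable_version(h.version)
        ports = exposed_ndmp_ports(h)
        if unpatched or ports:
            findings.append({
                "ip": h.ip,
                "unpatched": unpatched,
                "ndmp_ports": ports,
                "priority": "high" if (unpatched and ports) else "medium",
            })
    return findings


# Constructed sample inventory (not real hosts or scan results)
SAMPLE_INVENTORY = [
    Host("10.0.0.5", "Veritas Backup Exec", "21.1.1200", [445, 10000]),
    Host("10.0.0.6", "Veritas Backup Exec", "21.2.1200", [10000, 10001]),
    Host("10.0.0.7", "Veritas Backup Exec", "22.0", [445]),
    Host("10.0.0.8", "Symantec Backup Exec", "20.0", []),
    Host("10.0.0.9", "Some Other App", "1.0", [9000]),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Hosts that are patched but still expose NDMP are kept as medium findings rather than dropped: the version check only addresses the three CVEs above, while the exposure itself is what made those 8,500 addresses visible in the first place.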


Subscribers favorite #5

Rilide Malware Dissection

Researchers discovered new malware, dubbed Rilide, that impersonates legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency.

The malware targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera, and is delivered as a malicious browser extension. Its standout capability is simulating dialogs: using forged dialogs, it lures users into disclosing their 2FA codes, after which it steals their cryptocurrency.

This brings this month's review of security coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.