Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 3, 2024
American and Australian organizations have come under attack from a newly identified Agent Tesla operation. Active since November last year, the threat actors Bignosa and Gods have used phishing and other malware distribution techniques to infect their targets. In a separate development, Google released updates fixing 25 bugs in Pixel devices, including two actively exploited flaws in the Pixel bootloader and firmware. The most severe of the patched issues affects Android 13 and 14.
Children, games, and cybercriminals form a vicious loop. A new campaign lures gamers into clicking malicious links embedded in YouTube video descriptions. The links are disguised as pirated software and video game cracks, with lures aimed at children, posing a significant online safety risk.
Malware campaign hits the U.S. and Australia
A sophisticated malware campaign orchestrated by the threat actors Bignosa and Gods has been found targeting organizations in the U.S. and Australia. The operation is reported to exploit vulnerabilities in self-check-in kiosks and relies on tactics such as spam campaigns and wrapping the payload in the Cassandra Protector crypter to evade detection before dropping Agent Tesla. Jabber communications revealed collaboration between the two actors, including mentorship and technical support.
Malicious links disguised in YT video descriptions
Proofpoint has warned of a new campaign that deceives users into clicking malicious links in YouTube video descriptions. Information-stealing malware, including Vidar, StealC, and Lumma Stealer, is delivered disguised as pirated software and video game cracks, alongside legitimate content. Popular games, especially those appealing to children, serve as lures, indicating a focus on less security-savvy users. YouTube has removed more than two dozen accounts and videos flagged by Proofpoint.
Google patches dozens of Android bugs
Google released patches for 28 vulnerabilities in Android, 25 of which affect Pixel devices, including two flaws in the Pixel bootloader and firmware that have been exploited in the wild. The company warns of targeted exploitation but has not provided details. The update addresses elevation-of-privilege and information-disclosure bugs, along with fixes for Qualcomm components. The most severe issue, CVE-2024-23704, affects Android 13 and 14.
Critical SQL injection flaw in WordPress plugin
A critical vulnerability (CVE-2024-2879) has been identified in the LayerSlider WordPress plugin, a visual web content editor, affecting versions 7.9.11 through 7.10.0. The SQL injection flaw, rated 9.8 on the CVSS scale, allows unauthenticated attackers to extract sensitive information, including password hashes, from the site database. The issue was fixed in version 7.10.1, released on March 27.
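The following is an added, generic illustration of the bug class above, not LayerSlider's code and not a reproduction of CVE-2024-2879: a lookup that concatenates an untrusted id into a query, beside the parameterised form. The table names (a hypothetical `wp_sliders` table alongside a WordPress-style `wp_users`), column names and the sample rows are constructed assumptions; the point is how a UNION payload in a numeric parameter turns a harmless lookup into a dump of `user_pass` hashes, and why binding plus input validation stops it.

```python
import sqlite3

# Constructed sample data (assumption: WordPress-style wp_users schema; the
# wp_sliders table and its columns are hypothetical and stand in for any
# plugin table queried with a user-supplied id).
SAMPLE_USERS = [
    (1, "admin", "$P$BexampleHashAdmin0000000000000"),
    (2, "editor", "$P$BexampleHashEditor000000000000"),
]
SAMPLE_SLIDERS = [
    (10, "Spring sale", 1),
    (11, "Newsletter", 1),
    (12, "Hero banner", 0),
]

# A payload in the shape an attacker would put into the id parameter:
# the leading 0 matches no row, the UNION appends rows from wp_users.
UNION_PAYLOAD = "0 UNION SELECT ID, user_pass FROM wp_users"


def build_db():
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    conn.execute("CREATE TABLE wp_sliders (id INTEGER PRIMARY KEY, name TEXT, flag_popup INTEGER)")
    conn.executemany("INSERT INTO wp_sliders VALUES (?, ?, ?)", SAMPLE_SLIDERS)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_popup_vulnerable(conn, popup_id):
    """Weak pattern: the id is pasted into the SQL text, so anything the
    caller supplies becomes part of the statement."""
    sql = "SELECT id, name FROM wp_sliders WHERE flag_popup = 1 AND id = " + str(popup_id)
    return conn.execute(sql).fetchall()


def lookup_popup_hardened(conn, popup_id):
    """Hardened pattern: coerce the id to an integer first (the equivalent of
    a %d placeholder in $wpdb->prepare()) and bind it as a parameter, so the
    database never sees attacker-controlled SQL."""
    try:
        pid = int(popup_id)
    except (TypeError, ValueError):
        return []  # non-numeric input is rejected rather than passed to SQL
    sql = "SELECT id, name FROM wp_sliders WHERE flag_popup = 1 AND id = ?"
    return conn.execute(sql, (pid,)).fetchall()


def demo():
    """Run both lookups against the legitimate id and the UNION payload."""
    conn = build_db()
    return {
        "vulnerable_legit": lookup_popup_vulnerable(conn, 10),
        "vulnerable_payload": sorted(lookup_popup_vulnerable(conn, UNION_PAYLOAD)),
        "hardened_legit": lookup_popup_hardened(conn, 10),
        "hardened_payload": lookup_popup_hardened(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup answers the legitimate id correctly, which is why this kind of bug survives functional testing; only the payload shows that the same code hands back every password hash in `wp_users`. Because the leak requires no authentication beyond reaching the endpoint, the practical response is the one the advisory implies: update to the fixed version rather than rely on a WAF rule to catch the UNION keyword, and treat any exposed hashes as compromised.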