
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 11, 2024

Spyware threat on the rise, warns Apple! The tech giant has sent the alert to iPhone users in at least 92 countries. In other headlines, AhnLab found Metasploit Meterpreter installed via vulnerable Redis instances. PrintSpoofer, a privilege escalation tool, was used on a Windows system, followed by Metasploit Stager malware, granting attackers control over the system.

On the vulnerability front, multiple vulnerabilities in Google Chrome were addressed that posed a risk of arbitrary code execution across various systems. While no exploitation reports exist, users have been urged to update the browser to mitigate potential threats. Furthermore, a longstanding cyberespionage group in the Asia-Pacific region introduced Deuterbear, with enhanced evasion tactics such as anti-memory scanning and decryption routines.

Top Malware Reported in the Last 24 Hours

Metasploit backdoor abuses Redis service

Experts at ASEC uncovered instances of the Metasploit Meterpreter backdoor infiltrating systems via Redis, an open-source in-memory data structure store. Threat actors exploited misconfigured or vulnerable Redis instances to implant malware, including PrintSpoofer and Metasploit Stager. PrintSpoofer is deployed using PowerShell or CertUtil and abuses SeImpersonatePrivilege to escalate privileges. Subsequently, Metasploit Stager fetches Meterpreter from a C&C server, granting attackers control over infected systems.

Earth Hundun’s campaign drops Waterbear variant

Cyberespionage group Earth Hundun is reportedly deploying a Waterbear variant in the Asia-Pacific region. Its latest iteration, dubbed Deuterbear, introduces anti-memory scanning and decryption routines, differentiating it from its predecessors. Waterbear's arsenal includes a range of evasion tactics alongside frequent updates to its loader, downloader, and communication protocol. Notably, the attackers use internal IP addresses for command-and-control servers, indicating deep knowledge of victims' networks and illustrating the covert nature of their operations.

Apple issues spyware threat notifications

Apple sent alerts to iPhone users in 92 countries, warning them of potential targeting by mercenary spyware attacks. The notifications advise users to take the threat seriously; the company refrained from disclosing attacker identities or affected countries to prevent the attackers from adapting. Similar past incidents were linked to NSO Group's Pegasus. The alert comes amid rising concerns about state-sponsored interference in elections in select countries.

Top Vulnerabilities Reported in the Last 24 Hours

Google Chrome bugs pose serious threat

Google Chrome was found vulnerable to multiple flaws, including out-of-bounds write, heap buffer overflow, and use-after-free bugs. These could lead to arbitrary code execution, potentially granting attackers extensive system access. The flaws pose a higher risk to government and business entities, while home users face comparatively lower risk. No known exploits have been reported so far.
