Cyware Daily Threat Intelligence

Daily Threat Briefing • April 12, 2023
Patch Tuesday is here! Microsoft, SAP, Adobe, Siemens, and Schneider Electric have all rolled out security updates. Notably, Microsoft has addressed a zero-day that was being exploited by a ransomware group primarily targeting small and midsized organizations in North America, the Middle East, and Asia. Adobe, for its part, issued updates for 16 security vulnerabilities in Acrobat and Reader on Windows and macOS; the flaws could lead to code execution, privilege escalation, security feature bypass, and memory leaks.
Moving on, if a Google Chrome automatic update error pops up on your screen, be cautious: it may be attackers waiting to compromise your system to mine Monero. The campaign has been running since November 2022 and became markedly more aggressive after February 2023.
Data of Kodi users lay exposed
The Kodi Foundation, developer of the open source home theater software, has apparently suffered a breach: a threat actor was seen offering the data of 400,000 Kodi forum users on the dark web. The attackers reportedly logged into the web-based MyBB admin console using the account of an inactive administrator, a reminder that dormant privileged accounts should be disabled rather than left in place.
Malware disguised as document
FortiGuard Labs detected a malicious document masquerading as a communication from Energoatom, the state-run operator of Ukraine's nuclear power stations. The threat actors deployed the Havoc Demon backdoor disguised as a legitimate Microsoft Office component; the file was even signed with an invalid certificate for portal[.]office[.]com, so a routine Authenticode check on the binary would not have returned a valid signature.
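The detail that matters for defenders in the Havoc case is that the backdoor's signature was invalid, not merely absent. The following PowerShell triage script is an added example (it is not from the briefing or from FortiGuard Labs) that walks a directory of binaries, checks each Authenticode signature, and lists anything whose signature is not Valid or whose signer is not Microsoft. The default root path and the expected signer string are assumptions chosen for a typical Office install; adjust both for your environment.

```powershell
# Added example, not from the original page or from FortiGuard Labs.
# Lists every PE file under a directory (assumed: the Office install root)
# and flags any whose Authenticode signature is not Valid or whose signer
# subject does not contain the expected Microsoft string. A backdoor
# "signed" with an invalid portal.office.com certificate surfaces here
# with a Status other than Valid.
param(
    # Assumption: default Office install root; point this at wherever the file landed.
    [string]$Root = "$env:ProgramFiles\Microsoft Office",
    # Assumption: substring that must appear in the signer's Subject.
    [string]$ExpectedSigner = 'CN=Microsoft Corporation'
)

$results = Get-ChildItem -Path $Root -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Unsigned files have no SignerCertificate; label them explicitly.
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        [pscustomobject]@{
            Path       = $_.FullName
            # Status is one of: Valid, NotSigned, HashMismatch, NotTrusted,
            # UnknownError, NotSupportedFileFormat, Incompatible.
            Status     = $sig.Status
            StatusMsg  = $sig.StatusMessage
            Signer     = $subject
            # Either a failed signature or an unexpected signer is worth a look.
            Suspicious = ($sig.Status -ne 'Valid') -or ($subject -notlike "*$ExpectedSigner*")
        }
    }

# Print only the suspicious entries; an empty table is the expected result on a clean install.
$results | Where-Object Suspicious | Sort-Object Status | Format-Table Status, Signer, Path -AutoSize
```

Treat the output as a triage list rather than a verdict: some legitimate helper binaries are catalog-signed or ship unsigned, so confirm each hit against a known-good install before acting. The check only covers the directory you point it at, so run it against the location where a suspicious "Office component" was actually written, not just the default install path.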
Malware via Fake Chrome update notification
Security experts at NTT uncovered an attack campaign that injects malicious scripts into vulnerable websites to display fake Google Chrome automatic update errors. Ongoing since November 2022, the campaign drops malware onto the systems of unsuspecting visitors to mine Monero. The cybercriminals are serving the malware through compromised adult sites, blogs, online stores, and news sites.
Siemens and Schneider Electric’s patch update
Siemens issued 14 new advisories addressing a total of 26 vulnerabilities. The most critical bug affects Sicam A8000 series remote terminal units (RTUs) and could allow execution of arbitrary commands. Schneider Electric released six new advisories fixing a dozen vulnerabilities; the most serious ones affect the APC and Schneider-branded Easy UPS online monitoring software.
Microsoft Patch Tuesday
Microsoft has patched a zero-day in the Windows Common Log File System (CLFS) driver, tracked as CVE-2023-28252, that allows a local attacker with low privileges to elevate to SYSTEM and fully take over the targeted Windows system. The flaw was exploited in Nokoyawa ransomware attacks to escalate privileges before launching the ransomware payload. It affects all supported Windows server and client versions. Microsoft also patched 96 other security flaws as part of this month's Patch Tuesday.
Adobe fixes dozens of security bugs
Adobe released its APSB23-24 bulletin, which covers 16 security flaws (rated critical and important) in Acrobat and Reader on both Windows and macOS. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass, and memory leaks. Adobe's remaining April bulletins fix flaws in Substance 3D Stager, Dimension, and Substance 3D Designer.
SAP addressed two critical bugs
In its April 2023 security updates, SAP released fixes for two critical-severity bugs affecting the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. In all, SAP published 24 security notes: 19 address new issues of varying severity and five update previous notes. Researchers warn that CVE-2023-27267 (an input-validation flaw in the Diagnostics Agent), CVE-2023-28765 (an information disclosure issue in BusinessObjects), and CVE-2023-29186 (a directory traversal in NetWeaver AS ABAP) deserve priority attention.