Cyware Daily Threat Intelligence

Daily Threat Briefing • April 13, 2023
Now you can protect yourself against BlackLotus UEFI bootkit attacks. The Incident Response team at Microsoft has pinpointed various stages in the installation and execution process of the malware that can enable its detection. Criminals would abuse the CVE-2022-21894 vulnerability to pull off bootkit attacks. In other news, Fortinet released a series of updates fixing several vulnerabilities affecting its range of products. The most critical among them was a security hole impacting data analytics solution platform FortiPresence.
Telegram has once again come in handy to cybercriminals who are offering a new offensive tool dubbed Legion to others. The highlight of the Python-based credential harvester and hacking tool is that it has the ability to spam mobile users in the U.S., across all carriers.
Unprotected database at fintech firm
Cybersecurity researcher Jeremiah Fowler located an unguarded database that contained a large number of PDF documents pertaining to NorthOne Bank. The PDFs contained invoices from both businesses and individuals who leverage an app to pay for products and services. More than 320,000 American companies use the bank’s services.
Hyundai revealed data breach
A data breach has affected Hyundai's French and Italian customers, as well as those who scheduled a test drive. The breach allowed unauthorized individuals to obtain personal information such as email addresses, physical addresses, phone numbers, and vehicle chassis numbers. The firm has assured victims that their financial information wasn’t affected in the incident.
Ransomware attack on luxury yacht maker
German shipbuilder Lürssen disclosed that it fell victim to a ransomware attack over the Easter weekend. The company has not yet determined whether customer information was stolen. The attack has caused significant disruptions to the company's operations, with only the Lürssen-Kröger shipyard in Schleswig-Holstein remaining operational.
Protect against UEFI bootkit
Microsoft has shared guidelines to assist organizations in determining whether their systems have been compromised by the BlackLotus UEFI bootkit through the CVE-2022-21894 flaw. Detecting malware that targets UEFI is generally difficult because such threats are active before the OS starts running, which lets them disable security controls before those controls load.
Legion: a new hijacking tool
The cybercriminal group, which goes by the moniker “Forza Tools,” was seen offering Legion - a Python-based credential harvester and SMTP hijacking tool. The malware targets online email services for phishing and spam attacks. Experts suggest it is likely based on the AndroxGhOst malware and has several feature modules.
Bug in popular WordPress plugin
The Limit Login Attempts WordPress security plugin, which has over 600,000 installations, was affected by a flaw that could allow an unauthenticated attacker to take over websites. However, the flaw doesn’t affect every website that has deployed the plugin. Experts urged users to immediately upgrade to version 1.7.2.
Fortinet addresses multiple flaws
A critical vulnerability was patched in Fortinet’s FortiPresence that could be leveraged to gain access to Redis and MongoDB instances. Tracked as CVE-2022-41331, the flaw can be exploited by a remote, unauthenticated attacker through specially crafted authentication requests. Meanwhile, other flaws across Fortinet products expose devices to XSS attacks, arbitrary code execution, privilege escalation, MitM attacks, information disclosure, and other threats.
Zelle scams are back
Scammers were seen impersonating the money-transfer service Zelle and convincing its users to click on malicious links. The phishing email informs a potential victim that they have received money via Zelle and that it has not been accepted yet. The email contains a ‘Get paid’ button. Security experts said the adversaries have done a convincing job of imitating the platform.