
Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 14, 2023

With the U.S. reaching the end of its tax season, scammers are using this ideal time to target taxpayers. In one instance, they were observed dropping the Remcos RAT via the GuLoader malware to gain initial access to corporate networks. Separately, security researchers have identified over 360,000 exposed servers affected by a security hole in the Windows Message Queuing (MSMQ) service. The issue also impacts the most recent Windows versions, including Windows 11 22H2 and Windows Server 2022.

Security firms aren’t immune to threats. Juniper Networks has rolled out patches for numerous vulnerabilities that could culminate in a DoS condition, exposure of sensitive information, security bypass, command injection, and other harmful actions.

Top Breaches Reported in the Last 24 Hours

Cryptocurrency exchange suffered huge loss

Cybercriminals robbed the crypto exchange platform Bitrue of 23 million in Ethereum (ETH), Quant (QNT), GALA, Polygon (MATIC), Shiba Inu (SHIB), and Holo (HOT). The exchange stated that the impacted hot wallet held less than 5% of its overall funds. In the aftermath of the attack, it has postponed withdrawals until April 18.

Top Malware Reported in the Last 24 Hours

GuLoader drops Remcos in tax scam

Microsoft has cautioned that accounting firms and tax preparers are being targeted by a phishing campaign. The campaign delivers the Remcos RAT, which gives cybercriminals initial entry to corporate networks. The phishing emails contain links that route through click-tracking services to bypass detection. These links eventually lead to a file-hosting site that serves a ZIP archive containing GuLoader, which in turn drops Remcos.

Top Vulnerabilities Reported in the Last 24 Hours

Severe bug in Windows Message Queuing

A critical security flaw was uncovered in the Windows Message Queuing (MSMQ) middleware service. Tracked as CVE-2023-21554, the flaw allows an unauthenticated user to remotely execute code on Windows servers. According to Check Point Research, more than 360,000 exposed servers running the MSMQ service are affected. Notably, the attack is of low complexity and requires no user interaction.

Spectre attack hovers over Linux

Google's product security response team has observed a Spectre-related flaw in version 6.2 of the Linux kernel. It is a medium-severity bug that can lead to information exposure. The team discovered that the Spectre v2 protection for Linux userspace processes was ineffective on virtual machines (VMs) hosted by "at least one leading cloud service provider."

Intent handling issue in Android app

The Kyocera Android printing app was found to contain an improper intent handling issue that could give threat actors access to its resources. As reported by the Japanese Vulnerability Notes (JVN), the security issue, tracked as CVE-2023-25954, affects multiple mobile printing apps for Android. Kyocera has addressed the vulnerability with the release of version 3.2.0.230227.

Juniper Networks releases critical patches

Juniper Networks fixed tens of vulnerabilities found across its product portfolio. The most important advisory addresses multiple critical vulnerabilities in Expat (libexpat), a third-party stream-oriented XML parser library. Juniper also released patches for Security Threat Response Manager (STRM) to address CVE-2022-42889, a severe vulnerability in Apache Commons Text that can lead to RCE attacks.