Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 4, 2023
A new version of Rilide Stealer lurks in the threat landscape, targeting users’ banking data by circumventing Google Chrome Manifest V3 restrictions. The threat actors are most probably using fake landing pages and hosting legitimate AnyDesk software to employ vishing tactics and trick victims into installing the application. In another scenario, security researchers found critical vulnerabilities in routers meant for industrial use. Interestingly, there were flaws in the vendor’s VPN application as well, which is supposed to limit a user’s exposure to the internet.
Threat actors focus heavily on older software vulnerabilities that organizations have left unpatched rather than on newly disclosed ones. The Five Eyes coalition has released its list of the 12 most exploited vulnerabilities of 2022, which includes several such flaws.
Cyberattack disrupts NOIRLab
The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory (NOIRLab) in the U.S. was hit by a cyberattack, impacting operations at the Gemini Observatory's telescope in Hawai'i. The attack led to the suspension of astronomical observations at Gemini North on Maunakea. Both the Hawai'i and Chile telescopes were shut down while the incident is investigated and recovery plans are developed.
Travel firm exposes sensitive customer data
Mondee, a renowned travel company, left a database exposed to the internet without a password, potentially leaking sensitive customer information. The 1.7 TB database contained personal data, detailed flight and hotel itineraries, passport numbers, and unencrypted credit card information. It remains unclear whether any malicious actor accessed the data or whether affected customers will be notified.
Rilide steals data and cryptocurrency
Trustwave uncovered an updated version of the Rilide Stealer, which targets Chromium-based web browsers to steal sensitive data and cryptocurrency. The malware exhibits a higher level of sophistication with modular design, code obfuscation, and adoption of the Chrome Extension Manifest V3. It is capable of disabling other browser add-ons, harvesting browsing history and cookies, collecting login credentials, taking screenshots, and injecting malicious scripts to withdraw funds from cryptocurrency exchanges.
Dozens of bugs in industrial router
Cisco Talos security researchers identified over 60 security lapses in the Milesight UR32L industrial router, potentially allowing for arbitrary code or command execution. The most severe vulnerability, CVE-2023-23902, could lead to remote code execution through a buffer overflow in the router's HTTP server login functionality. While the vendor provides MilesightVPN to reduce exposure to the internet, Talos found vulnerabilities in the VPN application as well.
Top 12 most exploited vulnerabilities
Cybersecurity agencies from the Five Eyes countries have issued a list of the 12 most exploited vulnerabilities in 2022 in collaboration with CISA, the NSA, and the FBI. The top spot went to CVE-2018-13379, a Fortinet SSL VPN vulnerability fixed in May 2019, which was abused by state hackers to breach U.S. government elections support systems. The advisory urges organizations to address these flaws and implement mitigation measures to reduce exposure to attacks.