Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 17, 2022
Browser bugs are a serious risk to credentials stored in the browser. Google is alerting users to a critical zero-day bug in the Chrome browser for which an exploit is readily available and already in use by hackers. Additionally, the tech giant has addressed 10 more browser bugs. In another update, Kaspersky has identified two malicious PyPI packages impersonating a popular open-source package. Hackers also displayed fake stats for the number of times the packages were installed and the rating they had on GitHub.
Yet another intrusion on Counter-Strike networks. Its skin trading platform CS.MONEY has suffered a major breakdown after hackers pilfered items worth $6 million. Approximately 100 bot accounts were used in the attack.
Microsoft employees expose credentials
Several individuals from Microsoft have apparently laid bare their sensitive login credentials on GitHub. The exposed credentials pertained to an official Microsoft tenant ID and concerned Azure servers. Motherboard said that the incident offered a quick way for cybercriminals to hack into internal Microsoft systems.
CS.MONEY robbed of $6 million
CS.MONEY, one of the largest platforms for trading CS:GO skins, was attacked, and the website was taken down in the wake of the cyberattack. Attackers reportedly stole 20,000 items worth nearly $6 million. The attack was carried out through 100 controlled bot accounts that made thousands of transactions, transferring the items to their own accounts. All the transferred stolen skins are now trade-locked.
A couple of unwanted PyPI packages
Security researchers at Kaspersky uncovered two more malicious PyPI packages posing as one of the most popular open-source packages, "requests". As per the findings, the code of the infected packages was nearly identical to the authentic code of the "requests" package, except for a file known as exception.py. The malware can steal session cookies, IP addresses, passwords, and more.
Splunk patches multiple bugs
Multiple vulnerabilities in Splunk’s Splunk Enterprise and Universal Forwarder were addressed within its new set of quarterly patches. Among these was a high-severity flaw in TLS certificate validation. Tracked as CVE-2022-37437, the flaw affects connections between Splunk Enterprise and an Ingest Actions Destination that are made through Splunk Web. Other bugs were seen impacting Universal Forwarder as well, along with Splunk Enterprise.
A dozen Google Chrome flaws
Google issued fixes for 11 bugs in the Chrome browser (desktop version). It warns users about a high-severity zero-day flaw that is being actively exploited in the wild and urges them to update their browser. The critical bug, identified as CVE-2022-2856, stems from insufficient validation of untrusted input in Intents. Most of the other bugs are use-after-free vulnerabilities in various components.