
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 21, 2023

Back after a hiatus is none other than HiatusRAT. This time, it has allegedly returned to snoop on military contracts, although its targets also include semiconductor and chemical manufacturers. The attacks were observed from mid-June to August. ‘Tis the time to up your patch management game, especially for the high-severity vulnerabilities found in several Cisco enterprise applications. The firm has also cautioned that PoC exploit code is available for bugs involving SQL injection, privilege escalation, directory traversal, and DoS.

Since we are discussing bugs, RARLAB has addressed a critical RCE issue in its widely used file archiver software WinRAR. WinRAR users must update manually to version 6.23 as soon as possible, since the software has no auto-update option.

Top Breaches Reported in the Last 24 Hours

Ransomware attack on German Federal Bar Association

Germany's Federal Bar Association (BRAK), overseeing 166,000 lawyers across the country, is investigating a ransomware intrusion at its Brussels office. The NoEscape ransomware group claimed responsibility for the attack, which led to email server encryption and the theft of 160GB of data. The organization is still determining how much information, including communications from people who contacted the Brussels office, was affected.

Tesla discloses whistleblower leak

Electric car manufacturing giant Tesla disclosed a data breach impacting about 75,700 individuals, caused by former employees leaking confidential information to a German media outlet, Handelsblatt. This has led to the exposure of personal data, including Social Security numbers, names, contact details, and employment-related records of current and former employees.

Top Malware Reported in the Last 24 Hours

HiatusRAT shows off reconnaissance skills

The HiatusRAT malware group reemerged to target Taiwan-based organizations and a U.S. military procurement system. Lumen Black Lotus Labs reported that the group has recompiled malware samples for various architectures and hosted them on new virtual private servers. HiatusRAT's infrastructure employs payload and reconnaissance servers managed by Tier 1 and Tier 2 servers, reflecting an evolving and aggressive strategy.

Unsupported compression technique to evade detection

Threat actors are reportedly distributing APK files that use unknown or unsupported compression methods to bypass malware analysis, warned cybersecurity firm Zimperium. The approach hinders decompilation efforts while still allowing installation on Android devices running OS versions above Android 9 Pie. Zimperium found 3,300 instances of this tactic in the wild, 71 of which were installable on the operating system.
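An APK is a ZIP container, so the evasion described above is visible in the ZIP central directory: each entry records a 16-bit compression method, and analysis tools only know how to unpack stored (0) and deflate (8). The following triage check is an added example, not Zimperium's tooling or code from the original briefing; it walks the central directory by hand, flags entries with any other method, shows that a stock ZIP reader then fails on the entry, and inspects a two-entry APK-shaped archive constructed inline for the demonstration.

```python
import io
import struct
import zipfile

# Methods every Android unpacker and ordinary analysis tool understands: 0 = stored, 8 = deflate.
SUPPORTED_METHODS = {0, 8}

def central_directory_entries(data):
    """Walk the ZIP central directory by hand and return each entry's name, method and offsets."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory signature
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    n_total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(n_total):
        if data[pos:pos + 4] != b"PK\x01\x02":  # central file header signature
            raise ValueError(f"bad central directory signature at offset {pos}")
        method = struct.unpack_from("<H", data, pos + 10)[0]
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = bytes(data[pos + 46:pos + 46 + name_len]).decode("utf-8", "replace")
        entries.append({"name": name, "method": method, "cd_off": pos, "local_off": local_off})
        pos += 46 + name_len + extra_len + comment_len  # fixed header + variable fields
    return entries

def unsupported_method_entries(data):
    """Triage check: (name, method) for every entry that is neither stored nor deflated."""
    return [(e["name"], e["method"]) for e in central_directory_entries(data)
            if e["method"] not in SUPPORTED_METHODS]

def tooling_can_read(data, name="classes.dex"):
    """Does the stock zipfile reader (stand-in for analysis tooling) extract the entry?"""
    try:
        zipfile.ZipFile(io.BytesIO(data)).read(name)
        return True
    except (NotImplementedError, zipfile.BadZipFile):
        return False

def build_sample_apk(method=0xFFFF):
    """Constructed test data, not a real sample: classes.dex is relabelled with `method`
    in both its local header (method at offset 8) and its central record (offset 10)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
    data = bytearray(buf.getvalue())
    dex = next(e for e in central_directory_entries(data) if e["name"] == "classes.dex")
    struct.pack_into("<H", data, dex["local_off"] + 8, method)
    struct.pack_into("<H", data, dex["cd_off"] + 10, method)
    return bytes(data)
```

Run the check over every APK in a submission queue and route any hit with a non-empty result to manual analysis rather than trusting the output of an automated decompiler.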

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches high-severity bugs

Cisco has released security updates to address critical vulnerabilities affecting its enterprise applications. The most critical among them, CVE-2023-2021, impacts Cisco Unified CM SME, potentially enabling remote authenticated attackers to perform SQL injection attacks and gain unauthorized access to databases or elevate privileges. It also fixed a privilege escalation bug in ThousandEyes Enterprise Agent and two DoS bugs in ClamAV.

Sensitive flaws in J-Web interface

Juniper Networks rolled out patches for four vulnerabilities found in the J-Web interface of Junos OS, potentially allowing unauthenticated remote code execution when exploited in a chained manner. Although each vulnerability is rated "medium", chaining them poses a critical-severity risk. The vulnerabilities involve PHP external variable modification and missing authentication flaws, enabling attackers to control environment variables, upload arbitrary files, and compromise the file system's integrity.

Critical RCE flaw in WinRAR

RARLAB has released a security update to address a critical RCE vulnerability, tracked as CVE-2023-40477, in the WinRAR archiver software. The flaw stems from improper validation of user-supplied data during the processing of recovery volumes, potentially leading to memory access beyond allocated buffers. While the vulnerability can be exploited remotely, its CVSS score of 7.8 factors in the requirement for user interaction, typically downloading and opening a malicious RAR file.
