Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 26, 2024
As cybercriminals continue to innovate, they’re targeting Linux systems with advanced malware, exploiting flaws in machine learning software, and preying on vulnerable users on social media. Researchers have identified a new Linux malware named sedexp that uses sophisticated techniques to maintain persistence and conceal credit card skimming operations.
Additionally, over 20 vulnerabilities have been discovered in machine learning platforms, posing risks of arbitrary code execution and malicious dataset loading.
Meanwhile, scammers on Facebook are exploiting the grief of users by creating fake funeral live streams, luring them into providing personal or financial information under the guise of honoring loved ones.
sedexp - new Linux malware
Researchers identified a new Linux malware named sedexp that employs sophisticated techniques to maintain persistence and conceal credit card skimming operations. This malware, attributed to financially motivated attackers, has been active since 2022 and utilizes udev rules to ensure it runs whenever the system is rebooted. The malware can launch a reverse shell for remote access and modify memory to conceal files containing the string ‘sedexp’.
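udev executes the program named in a rule's RUN key whenever a matching device event fires, and the kernel replays device events for all hardware during boot, so a rule file dropped into a rules directory is a reboot-proof autostart. The audit script below is an added example for triaging that persistence path, not code from the researchers' report; its trusted-path list, interpreter list and the sample rules are assumptions constructed for this page.

```python
import re
from pathlib import Path

# udev rule directories, program prefixes not flagged on their own, and interpreters whose
# presence in RUN turns the rest of the value into an arbitrary command string (assumed lists).
UDEV_RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d", "/lib/udev/rules.d")
TRUSTED_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/udev/", "/usr/lib/udev/")
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}
# One udev token: KEY{attr}op"value", e.g. ACTION=="add" or RUN+="/bin/sh -c '...'"
ASSIGN_RE = re.compile(r'(\w+)(?:\{([^}]*)\})?\s*(==|!=|\+=|:=|=)\s*"((?:[^"\\]|\\.)*)"')

def run_programs(line):
    """Return the command strings assigned to RUN or RUN{program} on one rule line."""
    return [val for key, attr, op, val in ASSIGN_RE.findall(line)
            if key == "RUN" and attr in ("", "program") and op in ("+=", "=", ":=")]

def audit_rules_text(text, source="<constructed>"):
    """Flag RUN entries that start an interpreter or a program outside trusted directories."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no RUN key
        for cmd in run_programs(line):
            prog = cmd.split()[0] if cmd.strip() else ""
            reasons = []
            if Path(prog).name in INTERPRETERS:
                reasons.append("RUN invokes an interpreter")
            if not prog.startswith(TRUSTED_PREFIXES):
                reasons.append("program outside trusted directories")
            if reasons:
                findings.append((source, lineno, "; ".join(reasons), cmd))
    return findings

def audit_host(dirs=UDEV_RULE_DIRS):
    """Read-only sweep of the real rule directories; missing directories yield nothing."""
    findings = []
    for path in sorted(p for d in dirs for p in Path(d).glob("*.rules")):
        findings.extend(audit_rules_text(path.read_text(errors="replace"), str(path)))
    return findings

# Constructed sample: one distribution-style rule plus two shaped like an implant's persistence
# rule (paths and names are made up for this example, not taken from sedexp).
SAMPLE_RULES = """\
# 60-example.rules (constructed)
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/lib/udev/usb_helper %k"
ACTION=="add", KERNEL=="sd*", RUN+="/bin/sh -c '/opt/.hidden/update &'"
KERNEL=="null", RUN{program}+="/dev/shm/.cache/run"
"""
```

Running audit_rules_text(SAMPLE_RULES) reports the shell-wrapped rule and the /dev/shm program while passing the usb helper; audit_host() applies the same checks to a live system's rule files, and each finding still needs a human to confirm whether the program belongs to an installed package.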
WordPress websites spread ClearFake trojan
Sucuri encountered an infected WordPress website distributing a threat through a fake popup message. Visitors were prompted to install a "root certificate" to fix an issue, which is a red flag. Clicking on the instructions led to suspicious commands, including ones that manipulate Windows Defender settings and add malware to startup programs. The malware, named ClearFake, has been designed to steal sensitive information from users, including login credentials and financial data. The malware spreads through compromised WordPress sites, often via malicious plugins or themes.
Over 20 vulnerabilities in MLOps platforms
Researchers issued warnings regarding security risks in ML software after discovering over 20 vulnerabilities affecting MLOps platforms. These vulnerabilities, classified as inherent and implementation-based flaws, pose risks of arbitrary code execution and loading malicious datasets. Inherent vulnerabilities arise from the formats and processes of the target technology, enabling attackers to run code by abusing ML models and datasets. Notably, financially motivated adversaries have exploited such vulnerabilities to deploy cryptocurrency miners on unpatched systems. Chaining these vulnerabilities could lead to network infiltration and server compromise. Recommendations include isolating and hardening environments against container escape vulnerabilities.
Critical bugs in Traccar GPS
The open-source Traccar GPS tracking system has been found to have two security vulnerabilities that could allow unauthenticated attackers to remotely execute code under specific conditions. These vulnerabilities are related to path traversal (CVE-2024-24809) and unrestricted file upload (CVE-2024-31214), potentially leading to the placement of arbitrary files on the system and triggering code execution. The issues have been addressed in Traccar 6, which disables self-registration by default. The vulnerabilities affect Traccar versions 5.1 to 5.12, and the default settings make exploitation possible for unauthenticated attackers.
CISA adds Versa Director flaw to KEV catalog
The CISA added a Versa Director dangerous file type upload vulnerability (CVE-2024-39717) to its KEV catalog. This vulnerability allows for the upload of a malicious file through the Change Favicon feature in Versa Director’s GUI. The exploitation of this vulnerability has been confirmed in one instance due to a customer's failure to implement recommended firewall guidelines. The agency issued a directive for federal agencies to address this vulnerability by September 13, and private organizations are also advised to review and address vulnerabilities in their infrastructure.
Ecovacs robots can spy on owners
Researchers have uncovered vulnerabilities in Ecovacs home robots that allow hackers to exploit Bluetooth to remotely access and control the devices. One major flaw lets hackers connect to an Ecovacs robot from up to 450 feet away, enabling them to activate cameras and microphones without the owner’s knowledge. Once compromised, these robots can be used for spying without any visible alerts. Additionally, the researchers found that Ecovacs products have issues with data lingering on company servers after account deletions and security weaknesses in the anti-theft mechanisms of lawn mower robots. They warned that hacking one Ecovacs device could potentially lead to the takeover of other nearby devices.
Fake funeral live streams scam
Malwarebytes highlighted a new scam targeting users on Facebook, specifically those grieving the loss of loved ones. Scammers are creating fake funeral live streams to exploit emotional vulnerabilities, luring users into providing personal information or financial details. There are two main approaches scammers use: one involves sharing fake live stream links of funeral services, while the other asks for donations on behalf of the deceased's family. These scams often start with a comment on a funeral home's Facebook post, enticing users to click on a link to watch the funeral service live.