
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 30, 2023

Airbnb has turned into a burgeoning target for cybercriminals seeking fresh hacking opportunities. Researchers observed attack campaigns using phishing, info-stealer malware, and stolen cookies to gain unauthorized access to Airbnb accounts, which are then sold in underground markets. In a recent surge of botnet attacks, the updated DreamBus malware has targeted RocketMQ server vulnerabilities for Monero mining, with activity intensifying in mid-June 2023.

Additionally, government and business entities are at risk due to security gaps in Mozilla products, emphasizing the need for prompt updates. Users of VMware Aria Operations for Networks versions 6.2 to 6.10 were also urged to install updates against a pair of high-severity RCE flaws.

Top Breaches Reported in the Last 24 Hours

Network of University of Michigan offline

The University of Michigan experienced a significant cybersecurity incident that forced it to take its network systems offline, causing widespread disruption to online services just before the beginning of the academic year. Although some services have been restored, their availability remains unstable. Just three weeks earlier, Michigan State University reported that it had been affected by the MOVEit data theft attacks.

Top Malware Reported in the Last 24 Hours

DreamBus malware targets RocketMQ servers

A new version of the DreamBus botnet malware is reportedly exploiting an RCE bug in RocketMQ servers. The flaw, tracked as CVE-2023-33246, affects RocketMQ versions 5.1.0 and earlier. Using tools like 'interactsh' and Tor proxy services, attackers identify vulnerable servers and deliver the DreamBus module. This malware perpetuates through hidden services, deploying Monero miners, scripts, and lateral movement mechanisms.

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla products vulnerable to code execution threats

A security advisory (MS-ISAC 2023-096) revealed multiple vulnerabilities in Mozilla products, with the potential for arbitrary code execution. Mozilla Firefox and Mozilla Firefox ESR (intended for large organizations), along with Mozilla Thunderbird (an email client), are affected. Successful exploitation could lead to unauthorized program installations, data manipulation, or user privilege escalation.

Critical bugs in VMware's Aria Operations for Networks

VMware has issued software updates to address serious security vulnerabilities in Aria Operations for Networks. The bugs could potentially allow threat actors to bypass authentication and achieve RCE. The most severe flaw, CVE-2023-34039, allows unauthorized access to the Command-Line Interface (CLI) due to insufficient cryptographic key generation. Another vulnerability, CVE-2023-20890, involves arbitrary file writes, potentially leading to RCE.

Top Scams Reported in the Last 24 Hours

Airbnb dark web fraud

Researchers at SlashNext revealed that cyberattackers are infiltrating Airbnb accounts through phishing, cookie theft, and malware infections. These compromised accounts are then available for purchase on underground cybercrime markets, some priced as low as a dollar. One prominent cybercrime store even offered automated "account checkers" and discounted vacation services related to Airbnb.
