Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 30, 2023
Airbnb has turned into a burgeoning target for cybercriminals seeking fresh hacking opportunities. Researchers observed attack campaigns using phishing, info-stealer malware, and stolen cookies to gain unauthorized access to Airbnb accounts, which are then sold in underground markets. In a recent surge of botnet attacks, the updated DreamBus malware has targeted RocketMQ server vulnerabilities for Monero mining, with activity intensifying in mid-June 2023.
Additionally, government and business entities are at risk due to security gaps in Mozilla products, emphasizing the need for prompt updates. Users of VMware Aria Operations for Networks versions 6.2 to 6.10 were also urged to install updates against a pair of high-severity RCE flaws.
Network of University of Michigan offline
The University of Michigan experienced a significant cybersecurity incident that forced it to take its network systems offline, causing widespread disruption to online services just before the start of the academic year. Although some services have been restored, their availability remains unstable. Just three weeks earlier, Michigan State University reported that it had been hit by the MOVEit data theft attacks.
DreamBus malware targets RocketMQ servers
A new version of the DreamBus botnet malware is reportedly exploiting an RCE bug in RocketMQ servers. The flaw, tracked as CVE-2023-33246, affects RocketMQ versions 5.1.0 and earlier. Using tools such as 'interactsh' and Tor proxy services, attackers confirm that a server is vulnerable and then deliver the DreamBus module. The malware operates through hidden services, deploying Monero miners, scripts, and lateral movement mechanisms.
Mozilla products vulnerable to code execution threats
A security advisory (MS-ISAC 2023-096) revealed multiple vulnerabilities in Mozilla products, particularly Mozilla Firefox and Mozilla Thunderbird, with the potential for arbitrary code execution. Mozilla Firefox and Mozilla Firefox ESR (intended for large organizations), along with Mozilla Thunderbird (an email client), are affected. Successful exploitation could lead to unauthorized program installations, data manipulation, or escalation of user privileges.
Critical bugs in VMware's Aria Operations for Networks
VMware has issued software updates to address serious security vulnerabilities in Aria Operations for Networks. The bugs could potentially allow threat actors to bypass authentication and achieve RCE. The most severe flaw, CVE-2023-34039, allows unauthorized access to the Command-Line Interface (CLI) due to insufficient cryptographic key generation. Another vulnerability, CVE-2023-20890, involves arbitrary file writes, potentially leading to RCE.
Airbnb dark web fraud
Researchers at SlashNext revealed that cyberattackers are infiltrating Airbnb accounts through phishing, cookie theft, and malware infections. These compromised accounts are then available for purchase on underground cybercrime markets, some priced as low as a dollar. One prominent cybercrime store even offered automated "account checkers" and discounted vacation services related to Airbnb.