
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 5, 2022

Security researchers have spotted a new Malware-as-a-Service (MaaS) platform that caters to inexperienced or low-skilled hackers, offering multiple malicious modules to steal sensitive data and gain remote access. Nearly 4,000 malware builds have already been contracted through the platform. In a separate development, the infamous Lazarus group has unleashed a slew of fraudulent cryptocurrency apps under a made-up brand called BloxHolder. The campaign is a cover for dropping the AppleJeus malware on users’ devices.

Furthermore, the ninth Chrome zero-day vulnerability of 2022 has now been reported. Google has urged users to update quickly, as it is aware of an exploit for the vulnerability tracked as CVE-2022-4262.

Top Breaches Reported in the Last 24 Hours

French hospital disrupted by attack

A potential cyberattack at a Versailles hospital center in Yvelines (France) led to the postponement of medical procedures at the facility. Patients were transferred out of the ICU and neonatal units. In its complaint about the attack, the hospital mentioned an extortion attempt by the cybercriminals.

Dutch party-member data exposed

A security loophole in the app of the Dutch political party Forum voor Democratie publicly exposed the personal information of all 93,000 current and past party members. The leak contains names, addresses, and bank account numbers. Most of the leaked information relates to members in Amsterdam, Rotterdam, The Hague, and Almere.

One more attack on DeFi firm

The BNB-based DeFi protocol Ankr was hit by a multi-million dollar exploit. The attackers purportedly minted 6 quadrillion Ankr Reward Bearing Staked BNB tokens. They swapped the funds through other crypto services and cashed out around $5 million worth of USD Coin.

Top Malware Reported in the Last 24 Hours

DuckLogs: a new emerging MaaS

The Cyble research team unearthed a new malware-as-a-service (MaaS) operation, dubbed DuckLogs. Hackers using this malware can steal information, hijack clipboard data, and control the system via remote access. Thousands of criminals have taken out paid subscriptions to create and launch more than 4,000 malware builds.

Lazarus’ new malware campaign

The North Korean threat group Lazarus was seen launching fake cryptocurrency apps under the self-made BloxHolder brand. The group’s motive appears to be deploying the AppleJeus malware for initial access, which is then used to penetrate networks and extract crypto assets. The new campaign allegedly began in June 2022.

Top Vulnerabilities Reported in the Last 24 Hours

Linux vulnerability in Snap Software

Qualys researchers disclosed details of a new Linux bug in Snap software, tracked as CVE-2022-3328. A skilled attacker can chain this bug with two other apparently harmless flaws to gain root privileges on an affected system. The flaw is a race condition in snapd, the Snap daemon, and concerns the ‘snap-confine’ program used to construct the execution environment for Snap applications.

Ninth zero-day in Chrome this year

Google warned of a high-severity zero-day described as a type confusion flaw in the browser’s V8 JavaScript engine. Identified as CVE-2022-4262, the flaw could let a remote attacker exploit heap corruption via a specially crafted HTML page. Attackers exploiting it can achieve remote code execution by serving untrusted code from a malicious page.
