Cyware Daily Threat Intelligence
Daily Threat Briefing • Dec 6, 2023
Loan apps pose a growing cyber risk. ESET telemetry shows a marked increase in predatory loan apps distributed through unofficial third-party app stores, Google Play, and other websites, targeting prospective borrowers in Southeast Asia, Africa, and Latin America; such apps have been downloaded more than 12 million times this year. Routers are under renewed scrutiny as well: Sierra Wireless AirLink routers, deployed across government, manufacturing, healthcare, and emergency services, were found to carry nearly two dozen vulnerabilities, and researchers counted over 86,000 AirLink routers exposed online, many still unpatched against flaws disclosed in 2019.
As awareness of delivery scams grows, scammers refine their tactics. A USPS impersonation campaign has surfaced that dresses its phishing site up as Walmart, and researchers have identified over 3,000 phishing domains mimicking Walmart this holiday season, aimed at U.S. consumers.
IT services firm confirms cyberattack
HTC Global Services, an IT services and consulting company, has acknowledged a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. The company has not released details, but security researchers suggest the attackers may have exploited the Citrix Bleed vulnerability (CVE-2023-4966) for initial access. The stolen data allegedly includes passports, contact lists, and confidential documents.
Phishing attack impacts Hershey
The Hershey Company has reported a data breach affecting 2,214 individuals following a phishing campaign that targeted its employees in early September. The attackers gained access to personal information, including names, health and medical details, insurance information, digital signatures, dates of birth, addresses, contact information, driver's license numbers, credit card numbers with security codes, and credentials for online and financial accounts.
Healthcare entities hit by cyberattacks
East River Medical Imaging in New York disclosed unauthorized access to its systems affecting 605,809 patients, exposing, depending on the individual, names, contact information, and Social Security numbers. Separately, Fred Hutchinson Cancer Center detected unauthorized network activity during Thanksgiving week and shut down its clinical network in response; the impact on patient data is not yet known.
SpyLoan apps and their deceptive loan schemes
ESET researchers report a sharp rise in deceptive Android loan apps this year, with more than 12 million downloads from Google Play and third-party app stores. The apps, tracked as SpyLoan, pose as legitimate personal loan services promising quick access to funds, but their real purpose is to push high-interest loans and harvest personal and financial data that is then used to pressure and blackmail borrowers. They are promoted through SMS messages and popular social media channels.
Qualcomm’s high-severity flaws exploited
Qualcomm disclosed additional details about three high-severity flaws, CVE-2023-33063, CVE-2023-33106, and CVE-2023-33107, that it first reported in October 2023 as being under limited, targeted exploitation. The nature of the attacks and the actors behind them remain unknown. CISA has added the three flaws to its KEV catalog and directed federal agencies to apply patches promptly.
Atlassian’s critical flaws lead to RCE
Atlassian released patches for four critical vulnerabilities: a deserialization flaw in the SnakeYAML library (CVE-2022-1471), and RCE flaws in Confluence Data Center and Server (CVE-2023-22522), Assets Discovery for Jira Service Management (CVE-2023-22523), and the Atlassian Companion app for macOS (CVE-2023-22524). All four carry CVSS scores of 9.0 or higher. Successful exploitation could allow an attacker to execute arbitrary code on the affected system.
Open-source library bug affects NFT contracts
A yet-undisclosed vulnerability in a widely used open-source library in the Web3 ecosystem undermines the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase's. Web3 development platform Thirdweb, which found the flaw, has published only limited details to avoid tipping off attackers, but urges smart contract owners to apply mitigations immediately.
15,000 Go module repos vulnerable to repojacking
A recent study found that more than 15,000 Go module repositories on GitHub are susceptible to repojacking, a supply chain attack that abuses GitHub username changes and account deletions. Over 9,000 of them are exposed through username changes and more than 6,000 through account deletions. Go is particularly affected because modules are fetched directly from their hosting repository by import path (for example github.com/<owner>/<repo>) rather than from a central registry that reserves names: an attacker can register an abandoned username, recreate the repository under the same path, and publish malicious versions that are pulled by anyone building against that module path. Versions already recorded in a project's go.sum will fail checksum verification if their content changes, but a newly published version from the hijacked repository will be accepted on upgrade.
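The practical check that follows from this is to enumerate which of a project's GitHub-hosted dependencies belong to accounts that no longer exist. The script below is an added example, not code from the study or from the Go project: it parses the require directives of a go.mod file (both single-line and block form), groups the GitHub-hosted module paths by owner account, and flags those whose owner is on a list the auditor has confirmed as renamed or deleted. The go.mod text and the set of retired owners are constructed for illustration; in practice the set would come from resolving https://github.com/<owner> and treating a 404 as a retired account.

```python
"""Audit a go.mod for GitHub-hosted dependencies whose owner account has
been renamed or deleted, which is the precondition for repojacking.

Added example. The go.mod text and RETIRED_OWNERS are constructed for
illustration and do not come from the study cited in the briefing.
"""
import re
from typing import Dict, List, Set

# Constructed go.mod (not a real project's file).
GO_MOD = """\
module example.com/svc

go 1.21

require github.com/old-maintainer/legacy-lib v1.4.0

require (
    github.com/good-org/auth v2.1.0
    github.com/deleted-user/toolkit v0.3.1 // indirect
    golang.org/x/crypto v0.17.0
    gitlab.com/someone/thing v1.0.0
)
"""

# Constructed: owner accounts the auditor has confirmed no longer exist on
# GitHub (hypothetical names, chosen for the example).
RETIRED_OWNERS: Set[str] = {"old-maintainer", "deleted-user"}

# Matches github.com/<owner>/<repo>, with or without a /vN major suffix.
_GITHUB_PATH = re.compile(r"^github\.com/([^/]+)/([^/\s]+)")


def parse_requires(go_mod: str) -> List[str]:
    """Return module paths from single-line and block-form require directives."""
    paths: List[str] = []
    in_block = False
    for raw in go_mod.splitlines():
        # Drop trailing comments such as '// indirect' before tokenising.
        line = raw.split("//", 1)[0].strip()
        if not line:
            continue
        if in_block:
            if line == ")":
                in_block = False
                continue
            paths.append(line.split()[0])
        elif line == "require (":
            in_block = True
        elif line.startswith("require "):
            paths.append(line.split()[1])
    return paths


def github_owners(paths: List[str]) -> Dict[str, List[str]]:
    """Map GitHub owner account -> module paths hosted under that account."""
    owners: Dict[str, List[str]] = {}
    for p in paths:
        m = _GITHUB_PATH.match(p)
        if m:
            owners.setdefault(m.group(1), []).append(p)
    return owners


def repojack_candidates(go_mod: str, retired: Set[str]) -> List[str]:
    """Module paths whose GitHub owner is in the retired set, sorted."""
    owners = github_owners(parse_requires(go_mod))
    return sorted(p for owner, ps in owners.items() if owner in retired for p in ps)


if __name__ == "__main__":
    for path in repojack_candidates(GO_MOD, RETIRED_OWNERS):
        print("verify owner before the next upgrade:", path)
```

Modules hosted elsewhere (golang.org/x, gitlab.com) are deliberately ignored here; the same owner-existence check applies to any forge that lets usernames be re-registered, but the study the briefing cites is about GitHub.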
Critical flaws reported in Sierra OT/IoT routers
Forescout Vedere Labs disclosed 21 vulnerabilities affecting Sierra Wireless AirLink cellular routers, which are widely deployed in critical infrastructure, and the open-source components they use, including TinyXML and OpenNDS. The flaws expose the routers to remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service. Forescout found more than 86,000 AirLink routers exposed online, a large share of which are still unpatched against vulnerabilities disclosed in 2019.
USPS impersonation scam mimics Walmart
Cybercriminals have extended their USPS impersonation scam with a lookalike domain styled after Walmart's site that feeds the visitor's IP geolocation into a fake delivery-tracking page to appear credible. The operators run the phishing pages on free hosting services, which makes them cheap to stand up and harder for users to distinguish from genuine services. The links are distributed by SMS or email and can lead to financial loss and follow-on social engineering.
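The common thread in these delivery scams is a host name that carries the brand (usps, walmart) while the registrable domain belongs to a free host or to the attacker. The script below is an added example, not part of the briefing or any vendor's tooling: it extracts URLs from message bodies and flags any whose host contains a brand keyword but whose registrable domain is not one the brand owns. The sample SMS texts, the hosting names and the brand allowlist are constructed for illustration, and the registrable-domain helper deliberately uses a two-label simplification rather than the public suffix list.

```python
"""Flag delivery-scam links whose host name borrows a brand (USPS, Walmart)
but is not registered under a domain the brand owns.

Added example. SAMPLE_SMS, the hosting names and BRAND_DOMAINS are
constructed for illustration and do not describe real campaign infrastructure.
"""
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Brand keyword -> domains the brand actually uses (constructed allowlist; a
# production check would maintain this list from the brands' own records).
BRAND_DOMAINS: Dict[str, Set[str]] = {
    "usps": {"usps.com", "usps.gov"},
    "walmart": {"walmart.com"},
}

# Constructed sample SMS bodies (hosts under .example are reserved names).
SAMPLE_SMS: List[str] = [
    "USPS: your parcel is held. Confirm address at https://tracking.usps.com/confirm",
    "Walmart delivery update: https://walmart-track.freehost.example/id=88213",
    "USPS notice: https://usps-redelivery.pages.example.net/track?ref=1",
    "Your order shipped: https://www.walmart.com/orders/12345",
    "Final notice https://usps.com.verify-parcel.example/ for package 2231",
    "Reminder: dentist appointment tomorrow at 9am",
]

_URL = re.compile(r"""https?://[^\s<>"']+""")


def registrable_domain(host: str) -> str:
    """Last two labels of the host.

    Simplification: treats every suffix as one label, so multi-label public
    suffixes such as co.uk are not handled; use the public suffix list for real use.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(text: str) -> List[Tuple[str, str]]:
    """Return (url, brand) pairs where a brand keyword appears anywhere in the
    host but the registrable domain is not one the brand owns.

    Catches both 'walmart-track.freehost.example' and the subdomain trick
    'usps.com.verify-parcel.example', because only the last two labels count.
    """
    hits: List[Tuple[str, str]] = []
    for url in _URL.findall(text):
        host = urlsplit(url).hostname or ""
        reg = registrable_domain(host)
        for brand, owned in BRAND_DOMAINS.items():
            if brand in host and reg not in owned:
                hits.append((url, brand))
    return hits


def scan_messages(messages: List[str]) -> List[Tuple[int, str, str]]:
    """Run suspicious_links over a batch; returns (message index, url, brand)."""
    return [(i, url, brand) for i, msg in enumerate(messages) for url, brand in suspicious_links(msg)]


if __name__ == "__main__":
    for idx, url, brand in scan_messages(SAMPLE_SMS):
        print(f"message {idx}: {url} impersonates {brand}")
```

A keyword match alone is too noisy for blocking; the allowlist comparison on the registrable domain is what separates the brand's own tracking subdomain from a lookalike on free hosting, and the same check extends to any brand by adding an entry to BRAND_DOMAINS.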