Cyware Daily Threat Intelligence
Daily Threat Briefing • Dec 7, 2022
Making its way in through a third-party script, a cybercriminal group from Russia infiltrated dozens of e-commerce sites globally to pilfer card data. The issue, as highlighted, was the lack of visibility into the third party’s code, compounded by deplorable security practices. Separately, beware of a new malware threat upping the ante against Linux servers and IoT devices. Known as Zerobot, it targets multiple vulnerabilities for initial access to take over devices and has two versions available in the market.
Furthermore, Google issued numerous patches in its December 2022 Android updates. They cover security holes across the Android Runtime, Framework, Media Framework, System, and Google Play system update components.
Chinese hackers target Amnesty International
It is believed that a suspected Chinese threat group breached Amnesty International Canada. The human rights NGO identified the breach in its IT infrastructure in the first week of October. Researchers have not confirmed the leak of any type of data in the incident. An in-depth investigation is ongoing.
A couple of attacks hit New Zealand
New Zealand’s MSP Mercury IT fell victim to a cyberattack. The attack is delicate in nature because the company offers its services to many government agencies and businesses. New Zealand's Privacy Commission said the information impacted and the extent of the attack are being studied. Meanwhile, the attack has also compromised a plethora of sensitive patient data at Te Whatu Ora, a health service in the country.
Belgian city disrupted in new attack
A hacker group sabotaged services in Antwerp, Belgium, by crippling the servers of the city's digital partner Digipolis. The victim firm provides administrative software that extends to services used by citizens, daycare centers, schools, and the police, all of which suffered interference, of one type or another, in their operations.
Zerobot - a Linux-based malware
Researchers from FortiGuard Labs disclosed a unique botnet that abuses IoT vulnerabilities. Dubbed Zerobot, the malware contains several modules, such as self-replication and self-propagation. The malware, written in the Go language, can also communicate with its C2 server using the WebSocket protocol. The campaign allegedly began sometime after mid-November.
Google rolled out 75 patches
The December 2022 Android updates include fixes for 75 flaws, with CVE-2022-20411 as the most critical among them. It is an RCE bug in Android’s System component that could be exploited over Bluetooth. The company addressed two other high-severity RCE flaws, tracked as CVE-2022-20472 and CVE-2022-20473, in the Framework component.
New Sophos Firewall version is out
Sophos informed its customers about seven vulnerabilities that have been patched in Sophos Firewall version 19.5. These include a critical arbitrary code execution flaw, CVE-2022-3236, which was exploited in September against organizations, especially in South Asia. However, the flaw is not a new one.
Group X pursues web skimming
JavaScript protection vendor Jscrambler found a web skimming campaign active since last year. The attack campaign has claimed more than 40 e-commerce websites as victims by exploiting a third-party JS library known as Cockpit. Experts say that Russian Group X illegally exported the card data to its server by pulling off supply-chain attacks against the victims.