Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Dec 13, 2022

Another actively exploited bug was reported in the last 24 hours. The critical bug in FortiOS SSL-VPN urges your utmost attention as it has already been exploited in one instance. For its mitigation, Fortinet has advised disabling SSL-VPN. Meanwhile, a rather harmful spying activity was noticed in an app downloaded by thousands of iPhone and Android users across the globe. Named Xnspy, the app behaved as stalkerware and followed poor cyber hygiene, thereby leaking victims' data.

Now zero days in Endpoint Detection & Response (EDR) and antivirus products pose a different level of threat altogether. A researcher has singled-out vulnerabilities in products from several top vendors.

Top Breaches Reported in the Last 24 Hours

Uber spilled sensitive data

Uber had its employee data, corporate reports, and other data impacted, owing to a third-party breach. The incident came to light after a threat actor published the data allegedly stolen from Uber and Uber Eats on a hacker forum. The third-party vendor that suffered a network breach is Teqtivity, an asset management and tracking service provider.

Hive in Knox College networks

Students at Knox College, Illinois, received an email claiming to be from the Hive ransomware group. With the email, hackers claimed to have severely impacted the critical infrastructure and stolen data from the college’s backup servers to access sensitive personal information such as medical records and SSNs. The threatening email read “In less than 24 hours, your data will be leaked on our site.”

LockBit takes a major bite

California’s Department of Finance fell victim to a ransomware operation by the LockBit group. Hackers may have fled away with 76 GB of data. They have given the agency a December 24 deadline to cough up a ransom or face the consequences in the form of data exposure. The group has posted seven screenshots containing internal documents and a file directory for other stolen files.

Top Malware Reported in the Last 24 Hours

Xnspy: a stalkerware in disguise

More than 60,000 Android and thousands of iPhone device owners had their data stolen after they downloaded an activity monitoring app. The malicious app, known as Xnspy, was explicitly marketed for spying on domestic partners’ devices or a spouse without their knowledge or permission. Several flaws in the app blurted out credentials and private keys left unattended by the developers.

Typosquatting hits Py and Js developers

A hacker was observed typosquatting well-known PyPI packages to infect developers with payloads written in Go language. This could lead to a new software supply chain attack. Researchers revealed that the plan was to infect victims with ransomware strains and instruct the victim to open a ‘readme’ file as they impersonate the CIA.

A ransomware trio targets Windows

According to Fortinet, three new (typical) ransomware families, named Aerst, ScareCrow, and Vohuk, are being increasingly used in attacks. The core target of the malware infection remains users in Germany and India. Experts have jotted down some similarities between ScareCrow and Conti, suggesting the former’s developer might have referred to the leaked Conti source code.

Top Vulnerabilities Reported in the Last 24 Hours

Fortinet’s emergency patch

Fortinet has urged its customers to patch a critical severity security flaw in its FortiOS SSL-VPN product. The flaw, identified as CVE-2022-42475, is a heap-based buffer overflow vulnerability that an unauthenticated attacker can abuse to execute arbitrary code, especially via crafted requests. As per the claim, the company is aware of this flaw being exploited in the wild.

Zero days give birth to wiper tools

SafeBreach Labs uncovered several security zero-day flaws in EDR and antivirus products that could be exploited to create next-gen data wipers. For instance, a researcher could abuse the flaws to delete arbitrary files and directories on the compromised systems, while rendering the machine inoperable.

Related Threat Briefings