
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 29, 2022

Organizations that have deployed Rockwell Automation controllers need to watch out. Researchers have disclosed four vulnerabilities across the company's products that can lead to privilege escalation, denial of service, arbitrary code execution, and other conditions. Two bugs in Citrix ADC and Gateway also remain a concern, with NCC Group reporting that thousands of endpoints are still unpatched. The NSA warned about exploitation of the Citrix flaw earlier this month.

Cyber adversaries are also increasingly using Google Ads to deliver Raccoon Stealer, the IcedID botnet, and other malware families, luring potential victims with ads for fake websites that impersonate popular software and applications.

Top Breaches Reported in the Last 24 Hours

U.S. telecom provider suffers ransomware attack

Telecommunications company Intrado allegedly fell victim to a ransomware attack by the Royal group. Reports suggest the attack began on December 1 and that the attackers demanded a $60 million ransom. The attackers claim to have harvested internal company documents as well as employees' passports and driving licenses from its servers.

Breach at U.S. healthcare provider

Lake Charles Memorial Health System (LCMHS) in Southwest Louisiana disclosed an unauthorized third-party intrusion into its network affecting 270,000 patients. It announced that the affected individuals' personal and medical information was compromised. The organization did not comment on the nature of the cyberattack.

Top Malware Reported in the Last 24 Hours

Raccoon Stealer and IcedID malware via Google Ads

Different malware operators are increasingly abusing the Google Ads platform to distribute malware, including variants of Raccoon Stealer and the IcedID botnet. The threat actors clone the official websites of popular software to lure users into downloading trojanized versions.

Top Vulnerabilities Reported in the Last 24 Hours

Thousands of vulnerable Citrix products

NCC Group's Fox-IT team reported that thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical flaws. The first, CVE-2022-27510, is an authentication bypass. The second, CVE-2022-27518, allows unauthenticated attackers to achieve remote code execution, and was already being exploited in the wild when Citrix released its security update.
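The practical question behind the Fox-IT numbers is whether a given appliance build is at or above the first fixed build of its own release branch. The helper below is an added example, not code from Cyware, Citrix, or NCC Group: it parses Citrix build strings of the form "13.0-88.12" and compares only the release/patch pair against the fix threshold for that build's branch, so a 13.1 build with a lower release number than the 13.0 fix is not mistaken for a patched one. The fix thresholds in the table are what this example assumes from the Citrix advisories for the two CVEs, and the sample inventory is constructed; confirm the thresholds against the vendor's current advisory before acting on a result.

```python
"""Branch-aware build check for Citrix ADC / Gateway.

Added example (not from the Cyware briefing, Citrix, or NCC Group/Fox-IT):
parses Citrix build strings such as "13.0-88.12" and decides whether a
build is at or above the first fixed build of its own release branch.
The fix thresholds below are what this example assumes from the Citrix
advisories for CVE-2022-27510 and CVE-2022-27518; confirm them against
the vendor's current advisory before acting on a result.
"""
from __future__ import annotations

import re

# Assumed fix thresholds, keyed by CVE, then by release branch. A branch
# absent from a CVE's table is reported as not affected (Citrix lists 13.1
# as unaffected by CVE-2022-27518). FIPS and NDcPP builds share the 12.1
# numbering but fix at different builds, so they are tracked as their own
# branches and selected with the `variant` argument.
FIXED_BUILDS: dict[str, dict[str, str]] = {
    "CVE-2022-27510": {
        "13.1": "13.1-33.47",
        "13.0": "13.0-88.12",
        "12.1": "12.1-65.21",
        "12.1-FIPS": "12.1-55.289",
        "12.1-NDcPP": "12.1-55.289",
    },
    "CVE-2022-27518": {
        "13.0": "13.0-58.32",
        "12.1": "12.1-65.25",
        "12.1-FIPS": "12.1-55.291",
        "12.1-NDcPP": "12.1-55.291",
    },
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(build: str) -> tuple[int, int, int, int]:
    """Turn '13.0-88.12' into (13, 0, 88, 12); reject anything else."""
    m = _BUILD_RE.match(build.strip())
    if m is None:
        raise ValueError(f"unrecognised Citrix build string: {build!r}")
    major, minor, release, patch = (int(x) for x in m.groups())
    return major, minor, release, patch


def branch_of(build: str, variant: str = "") -> str:
    """'13.0-88.12' -> '13.0'; with variant='FIPS', '12.1-55.289' -> '12.1-FIPS'."""
    major, minor, _, _ = parse_build(build)
    return f"{major}.{minor}-{variant}" if variant else f"{major}.{minor}"


def assess(build: str, cve: str, variant: str = "") -> str:
    """Return 'vulnerable', 'fixed' or 'not affected' for one build and CVE.

    Only the release/patch pair is compared, and only against the fix
    threshold of the build's own branch: a 13.1 build with a lower release
    number than the 13.0 fix is not thereby fixed.
    """
    if cve not in FIXED_BUILDS:
        raise ValueError(f"no fix data for {cve}")
    branch = branch_of(build, variant)
    threshold = FIXED_BUILDS[cve].get(branch)
    if threshold is None:
        return "not affected"
    _, _, rel, patch = parse_build(build)
    _, _, fix_rel, fix_patch = parse_build(threshold)
    return "fixed" if (rel, patch) >= (fix_rel, fix_patch) else "vulnerable"


def assess_all(build: str, variant: str = "") -> dict[str, str]:
    """Status of one build against every CVE in the table."""
    return {cve: assess(build, cve, variant) for cve in FIXED_BUILDS}


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, build, variant).
    inventory = [
        ("gw-dc1", "13.0-88.12", ""),
        ("gw-dc2", "13.0-87.9", ""),
        ("gw-lab", "13.1-30.52", ""),
        ("gw-fips", "12.1-55.289", "FIPS"),
    ]
    for host, build, variant in inventory:
        print(host, build, assess_all(build, variant))
```

The variant argument exists because a build string alone does not say whether a 12.1 appliance is a standard, FIPS or NDcPP image, and those fix at different builds; feed that in from your inventory rather than guessing from the number.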

Flawed controllers at Rockwell Automation

Rockwell Automation controllers were found to contain multiple high-severity flaws, tracked as CVE-2022-3156, CVE-2022-3157, CVE-2022-46670, and CVE-2022-3166. Rockwell Automation has published an individual advisory for each vulnerability and says it is not aware of any exploitation.
