Cyware Daily Threat Intelligence
Daily Threat Briefing • Feb 9, 2023
If you use one of the freemium Document Management System (DMS) products offered by a handful of vendors, cybercriminals may be able to gain access to your stored documents through eight XSS flaws; users of the affected DMS products are advised to proceed with caution. In other news, Dota 2 gamers are also at risk: researchers discovered four Dota 2 multiplayer online battle arena game mods that let cybercriminals install further malware on the device by abusing a critical security hole in Chrome's V8 engine.
Threats stemming from ESXiArgs ransomware attacks have escalated further. Encrypted servers can no longer be recovered using the previously recommended methods, and the attackers have also altered the ransom note in this second wave of attacks.
Grocery e-Commerce platform suffers breach
A data breach at Weee!, an Asian and Hispanic meal delivery business, exposed the private data of 1.1 million customers. A threat actor going by the moniker IntelBroker started leaking the information on a hacker forum. The leaked data included customers' full names, email addresses, contact numbers, device type (iOS, PC, Android), purchase notes, and other details.
DDoS attacks choke Tor and I2P networks
The Tor network and the Invisible Internet Project (I2P), a peer-to-peer network, were struck by massive DDoS traffic. The identity of the attackers and their motive for disrupting the services are so far unknown. According to Tor Project's executive director Isabela Dias Fernandes, the network has been the target of a series of DDoS attacks since at least July 2022. Some i2pd routers were disrupted owing to out-of-memory errors.
Money Lover’s server leaking data
A security bug in the Money Lover financial app for Android, Windows, and iOS allows any logged-in member to view the email addresses and live transaction metadata of other users' shared wallets. The exposed sensitive information included email addresses, wallet names, and limited transaction data.
Hong Kong banking institution attacked
A data incident at the Hong Kong Institute of Bankers impacted over 13,000 members and about 100,000 non-members. Officials at the Office of the Privacy Commissioner for Personal Data stated that people’s personal information was leaked during the ransomware incident on six of the institute’s servers.
Malicious Dota 2 mods
Security experts at Avast Threat Labs uncovered four malicious Dota 2 game mods that cyber adversaries are using to backdoor players' systems. The game mods were named Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339). These programs could be used for logging, creating coroutines, executing arbitrary code, and making HTTP GET requests.
New ESXiArgs ransomware version
Threat actors behind ESXiArgs ransomware have introduced a new version of the malware that encrypts even more data than before on affected VMware ESXi virtual machines. Some victims have reported that their data was still encrypted and compromised despite having VMware SLP deactivated on their systems.
Info-stealer targets crypto industry in Europe
Trend Micro spotted an active campaign that uses fake employment offers as bait against the cryptocurrency industry in Eastern Europe. Hackers are reportedly deploying Enigma Stealer, a modified version of the Stealerium information stealer. The infection chain begins with a malicious RAR archive distributed through phishing attempts or via social media.
Chrome 110 addressed 15 security holes
Chrome 110's first stable release is here. It includes 15 security fixes, 10 of which resolve flaws discovered by outside researchers. Three of the externally reported flaws are rated 'high severity': a type confusion flaw in Google's V8 engine, an inappropriate implementation in full-screen mode, and an out-of-bounds read flaw in WebRTC. Google didn't clarify whether any of these bugs were exploited in the wild.
Buggy freemium DMS vendors
Cybersecurity firm Rapid7 disclosed eight unpatched security flaws in open-source and freemium DMS offerings from vendors including LogicalDOC, ONLYOFFICE, Mayan, and OpenKM. To exploit the flaws, an attacker must persuade a human operator to save a malicious document on the platform. After the document is indexed and opened by the user, it can hand over some critical controls to the attacker.
Manipulating video timestamp in security camera
A vulnerability in Dahua security cameras allows remote attackers to modify the timestamp of videos recorded with the devices. The vulnerability, tracked as CVE-2022-30564, was assigned a high-severity rating by researchers, although Dahua itself rates it as medium severity. The flaw affects a range of the vendor's cameras and video recorders, including IPC, SD, NVR, and XVR products.
Crisis donation scams are back
Scammers have started taking advantage of the ongoing humanitarian crisis in Turkey and Syria, attempting to steal donations made by generous people worldwide. Numerous scams operating on Twitter abuse platforms such as PayPal's fundraising pages to build convincing fake websites and raise money from people looking to help earthquake victims.