
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 15, 2023

Owing to their notoriety and impact, North Korean hackers are among the most talked-about threats. For instance, a North Korean cyberespionage group has now surfaced with a phishing attack that drops a new backdoor strain dubbed M2RAT. According to the findings, it leaves minimal traces of its malicious activity on an infected system. Another malware making headlines is Beep, a loader that serves other threat actors looking to infect victims with their own payloads. It is being delivered via spam email attachments, Discord, or OneDrive URLs.

Furthermore, researchers have disclosed a template injection approach that could be used to take full control of an organization's network by abusing the open-source SaltStack IT configuration and orchestration platform.

Top Breaches Reported in the Last 24 Hours

Tonga Communications Corporation breached

Tonga’s state-owned Tonga Communications Corporation was hit by a ransomware attack. The incident may slow down the process of connecting new customers, delivery of bills, and managing customer inquiries, according to officials. It assured that the attack had no impact on voice and internet service delivery to the customers.

Sensitive records accessed at Louisiana HBCU

Social Security Numbers (SSNs) and other personal information of nearly 44,000 students and vendors associated with the only Catholic historically Black college or university (HBCU) were exposed in a cyberattack. Xavier University’s official filing states that an unauthorized party illegally gained access to students’ full names and SSNs. Victims have been notified.

GoAnywhere MFT bug hits CHS

Community Health Systems is one of the victims of the series of attacks involving the abuse of a zero-day in Fortra’s GoAnywhere MFT secure file transfer platform. The breach affected the personal and protected health information (PHI) of up to one million patients. Days ago, the Clop ransomware group claimed to have breached 130 organizations by abusing the same zero-day flaw.

Top Malware Reported in the Last 24 Hours

M2RAT for intel gathering

North Korean APT37 was spotted using the highly evasive M2RAT malware and steganography to target individuals for intelligence collection. The campaign exploits an old EPS bug, tracked as CVE-2017-8291, in the Hangul word processor (commonly used in South Korea). The malware uses a shared memory region for executing commands and exfiltrating data from infected machines.

Add payloads with Beep

Minerva Labs discovered a brand-new piece of stealthy malware known as Beep. Its authors appear to have packed in as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find. Beep is designed to evade detection and to retrieve and launch additional payloads on a compromised system via a technique called process hollowing.

Vidar and Lokibot become top threats

Check Point’s Global Threat Index report for January 2023 lists the likes of AgentTesla, the Lokibot info-stealer, and the Vidar info-stealer among its top 10 Most Wanted Malware. Qbot continues to hold the top position. Lokibot and Vidar were not in the top ten in the previous survey. The latter was observed propagating via fake domains purporting to be associated with the remote desktop software firm AnyDesk.

Top Vulnerabilities Reported in the Last 24 Hours

Security issues in SaltStack

The research team at Skylight Cyber uncovered a series of three simple management misconfigurations and a "bonus injection" method in VMware-owned SaltStack. The bug could enable a remote attacker to run arbitrary code, establish persistence, and control a management network. A capable attacker could deploy malware with worm-like capabilities to reach other systems connected to the initially compromised host.

Adobe patches half-a-dozen bugs

Adobe rolled out patches for at least half a dozen vulnerabilities in three of the company’s most popular software products: Illustrator, Photoshop, and After Effects. Exploitation of the Illustrator flaw may lead to arbitrary code execution. Abuse of the Photoshop flaw, which affects both Windows and macOS, could lead to memory leak issues.

Three zero-days fixed by Microsoft

Microsoft patched three actively exploited zero-days in its Patch Tuesday update, which addressed 75 vulnerabilities in total. The first, CVE-2023-21715, allows an attacker to bypass a Microsoft Publisher security feature. The second, CVE-2023-23376, lets attackers gain SYSTEM privileges. The third, CVE-2023-21823, could lead to RCE and a complete takeover of a vulnerable system.
