
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 22, 2023

A critical injection vulnerability in VMware Carbon Black App Control is putting customers at risk. Exploitation may give an attacker access to sensitive information, and VMware has released no workaround: upgrading the product is the only fix. Separately, researchers took the wraps off a botnet's latest activity. First detected in 2017, the MyloBot botnet has infected thousands of systems across four countries and can act as a downloader for additional malware or malicious tools.

There is everything wrong with 'Portugal' and 'Brazil', the names two malware authors are using to distribute malicious Python packages through the PyPI repository. The packages aim to exfiltrate sensitive data through platforms such as Telegram and Discord.

Top Breaches Reported in the Last 24 Hours

SMS phishing led to breach

American video game publisher Activision confirmed it suffered a data breach. According to vx-underground, a cybersecurity research group, the attackers exfiltrated sensitive workplace documents, including content that has yet to be released. The intruders reportedly gained access to an employee's Slack account through an SMS phishing text.

Washington city hit with ransomware

The notorious BlackCat ransomware group claims to have stolen more than 250GB of data from the City of Lakewood, Washington. The group has also urged parties who may be affected by the breach to sue the municipality, which it accuses of failing to patch vulnerabilities.

Top Malware Reported in the Last 24 Hours

MyloBot expands to four countries

BitSight uncovered an advanced botnet that has compromised thousands of systems in the U.S., India, Indonesia, and Iran. Dubbed MyloBot, its infrastructure has connections to BHProxies, a residential proxy service. The malware was first spotted in the wild in 2017 and is known for its anti-analysis techniques.

Zero-day attack against PyPI Index

FortiGuard Labs unearthed a zero-day attack in which malware authors published the PyPI packages 'xhttpsp' and 'httpssp'. The packages were heavily obfuscated, but function names such as DiscordApi, ProcessHollowing, RemoteThreadInjection, TelegramApi, Inject, and HiddenStartup reveal their capabilities: process injection and exfiltration over Discord and Telegram.

Top Vulnerabilities Reported in the Last 24 Hours

Several bugs fixed for VMware

VMware's Carbon Black App Control was found vulnerable to a critical injection flaw tracked as CVE-2023-20858. The bug affects App Control versions 8.7.x, 8.8.x, and 8.9.x; since VMware has released no workaround, customers need to upgrade to 8.7.8, 8.8.6, or 8.9.4 respectively. Exploitation may lead to information disclosure or privilege escalation.
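Because the fix lands on three separate release branches, a plain "is my version lower than 8.9.4" check misclassifies a patched 8.7.8 host. The following is an added example, not VMware's or Cyware's code: a branch-aware check that compares an installed App Control version against the fixed builds named above. It assumes versions are dotted integers with the branch in the first two components; the host inventory at the bottom is constructed.

```python
# Added example (not VMware's code): branch-aware check of a Carbon Black
# App Control version against the fixed builds VMware published for
# CVE-2023-20858 (8.7.8, 8.8.6, 8.9.4). Assumption: versions are dotted
# integers and the release branch is the first two components.
from typing import Dict, Tuple

# Affected branches and the first fixed build on each, per the advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '8.7.8' or '8.9.4.12' into a comparable tuple of ints."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def assess(v: str) -> str:
    """Return 'vulnerable', 'fixed', or 'not-in-affected-branches'."""
    ver = parse_version(v)
    fixed = FIXED_VERSIONS.get(ver[:2])
    if fixed is None:
        # The advisory lists only 8.7.x-8.9.x; anything else is outside its
        # scope, which is not the same as proven safe.
        return "not-in-affected-branches"
    # Tuples compare lexicographically, so 8.7.10 > 8.7.8 and 8.9.4.2 >= 8.9.4;
    # a naive string compare would get the first case wrong.
    return "fixed" if ver >= fixed else "vulnerable"


def triage(versions: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> assessment for an inventory of installed versions."""
    return {host: assess(v) for host, v in versions.items()}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {
        "appctl-01": "8.7.7",
        "appctl-02": "8.8.6",
        "appctl-03": "8.9.4.2",
        "appctl-04": "8.6.2",
    }
    for host, status in triage(inventory).items():
        print(f"{host}: {status}")
```

Hosts on a branch the advisory does not list are reported separately rather than as "fixed", so they can be reviewed against the vendor's support matrix instead of silently passing.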

High-severity bugs added to KEV

CISA has added two Mitel MiVoice Connect vulnerabilities, CVE-2022-41223 and CVE-2022-40765, to its Known Exploited Vulnerabilities (KEV) catalog on evidence of in-the-wild exploitation; federal agencies must remediate them by March 14. The agency also added an IBM Aspera Faspex bug that allows an attacker to execute arbitrary code.
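KEV entries carry a due date, so the practical question for a defender is which catalog entries match something in the environment and how many days remain. The following is an added example, not CISA tooling: it indexes a KEV-style catalog by CVE ID and reports inventory CVEs that are due within a window. The catalog is a constructed sample that reuses the field names of CISA's published JSON feed (cveID, vendorProject, product, dueDate, ...) and the two Mitel CVEs and March 14 due date from this briefing; the IBM Aspera Faspex entry is omitted because its CVE ID is not given here, and the inventory list is constructed.

```python
# Added example (not CISA's code): cross-reference an inventory of CVEs
# against a KEV-style catalog and flag entries due within a window.
import json
from datetime import date, timedelta
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the shape of CISA's KEV JSON feed. Only the two Mitel
# CVEs named in this briefing are included; dateAdded is an assumption.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2022-41223", "vendorProject": "Mitel",
         "product": "MiVoice Connect", "dateAdded": "2023-02-21",
         "dueDate": "2023-03-14",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-40765", "vendorProject": "Mitel",
         "product": "MiVoice Connect", "dateAdded": "2023-02-21",
         "dueDate": "2023-03-14",
         "requiredAction": "Apply updates per vendor instructions."},
    ]
})


def load_kev(raw: str) -> Dict[str, dict]:
    """Index a KEV catalog by CVE ID, normalised to upper case."""
    return {e["cveID"].upper(): e for e in json.loads(raw)["vulnerabilities"]}


def due_soon(kev: Dict[str, dict], inventory: Iterable[str], today: date,
             window_days: int = 30) -> List[Tuple[str, str, date, int]]:
    """Return (cve, product, due_date, days_left) for inventory CVEs that are
    in KEV and due on or before today + window_days. A negative days_left
    means the deadline has already passed. Sorted by due date."""
    horizon = today + timedelta(days=window_days)
    hits = []
    for cve in inventory:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not in KEV (in this sample) -> no federal deadline
        due = date.fromisoformat(entry["dueDate"])
        if due <= horizon:
            product = f'{entry["vendorProject"]} {entry["product"]}'
            hits.append((entry["cveID"], product, due, (due - today).days))
    hits.sort(key=lambda r: r[2])
    return hits


if __name__ == "__main__":
    # Constructed inventory: the two Mitel bugs plus the VMware bug from this
    # briefing, which is not in the sample catalog and is therefore skipped.
    inventory = ["cve-2022-41223", "CVE-2022-40765", "CVE-2023-20858"]
    for cve, product, due, days in due_soon(load_kev(KEV_SAMPLE), inventory,
                                            today=date(2023, 2, 22)):
        state = "overdue" if days < 0 else f"{days} days left"
        print(f"{cve} ({product}) due {due}: {state}")
```

Passing `today` explicitly keeps the check reproducible in a ticket or a test; in production the same function runs against the live catalog download and the organisation's own vulnerability-scanner export.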
