Cyware Daily Threat Intelligence
Daily Threat Briefing • Feb 22, 2023
A critical injection vulnerability in VMware Carbon Black App Control can be abused for information disclosure or privilege escalation. No workaround is available; upgrading the product is the only fix. Separately, researchers detailed the latest activity of a long-running botnet. First detected in 2017, MyloBot has infected thousands of systems across four countries and can act as a downloader for additional malware or malicious tools.
There is something wrong with 'Portugal' and 'Brazil': these are the handles of two malware authors distributing malicious Python packages through the PyPI repository. The packages are built to exfiltrate sensitive data through platforms such as Telegram and Discord.
SMS phishing led to breach
American video game publisher Activision disclosed a data breach. According to vx-underground, a malware research group, the attackers exfiltrated sensitive workplace documents, including material on content that has yet to be released. The attackers reportedly got into an employee's Slack account after the employee fell for an SMS phishing text.
Washington city hit with ransomware
The BlackCat ransomware group claims to have stolen more than 250GB of data from the City of Lakewood, Washington. The group also urged parties who could be harmed in the aftermath of the breach to sue the municipality, and accused the city of failing to patch vulnerabilities.
MyloBot expands to four countries
BitSight uncovered an advanced botnet that has compromised thousands of systems in the U.S., India, Indonesia, and Iran. Dubbed MyloBot, its infrastructure is linked to BHProxies, a residential proxy service. The malware was first spotted in the wild in 2017 and is known for its anti-analysis techniques.
Zero-day attack via PyPI packages
FortiGuard Labs unearthed a zero-day attack in which malware authors published the PyPI packages 'xhttpsp' and 'httpssp'. The packages were heavily obfuscated, and their code exposed functions named DiscordApi, ProcessHollowing, RemoteThreadInjection, TelegramApi, Inject, and HiddenStartup, names that point to exfiltration over Discord and Telegram, process injection, and hidden startup.
Critical bug fixed in VMware App Control
VMware's Carbon Black App Control was found vulnerable to a critical injection flaw tracked as CVE-2023-20858. The bug affects App Control versions 8.7.x, 8.8.x, and 8.9.x; customers need to update to 8.7.8, 8.8.6, or 8.9.4 respectively, since no other workaround is available. Abuse of the bug may lead to information disclosure or privilege escalation.
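Because the only fix is a branch-specific upgrade, the practical question for an operator is whether each App Control server sits at or above its branch's fixed release. The script below is an added example, not VMware's code, and relies solely on the affected branches and fixed versions listed above; the hostnames and version strings in the sample inventory are constructed. Build suffixes (e.g. 8.8.6.1234) are compared on their first three components, and branches outside the advisory's list are reported as not-listed rather than assumed safe.

```python
"""Triage VMware Carbon Black App Control versions against CVE-2023-20858.

Added example, not VMware's code. Uses only the version data from the
advisory summary: affected branches 8.7.x, 8.8.x and 8.9.x, fixed in
8.7.8, 8.8.6 and 8.9.4 respectively.
"""

# Fixed release per affected branch, as stated in the advisory summary.
FIXED_IN = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}


def parse_version(version: str) -> tuple:
    """Turn '8.8.2' or '8.8.2.1234' into a tuple of ints for comparison.

    Raises ValueError for anything that is not dotted integers with at
    least a major.minor pair, so junk inventory entries surface instead
    of being silently treated as a version.
    """
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not-listed' for one version.

    'not-listed' means the major.minor branch is outside the advisory's
    affected list; treat it as 'check the advisory', not as safe.
    """
    v = parse_version(version)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return "not-listed"
    # Compare on the first three components only; a build suffix such as
    # 8.8.6.1234 still counts as the 8.8.6 release. A bare '8.7' compares
    # below (8, 7, 8) and is therefore reported as vulnerable, which is the
    # conservative outcome for an incomplete version string.
    return "fixed" if v[:3] >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Map hostname -> status for a {host: version} inventory.

    Unparsable entries are kept visible as 'unparsable' rather than
    dropped, so a bad CMDB record cannot hide a vulnerable server.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparsable"
    return result


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    sample = {
        "appctl-01": "8.7.6",
        "appctl-02": "8.8.6.1234",
        "appctl-03": "8.9.3",
        "appctl-04": "8.6.0",
        "appctl-05": "latest",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Run it against a real export of your server list (host and version columns) and act on every entry that is not reported as fixed; 'not-listed' and 'unparsable' both mean a human still has to look.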
High-severity bugs added to KEV
CISA has added two Mitel MiVoice Connect vulnerabilities, CVE-2022-41223 and CVE-2022-40765, to its Known Exploited Vulnerabilities (KEV) catalog, noting that they are being exploited in the wild; federal agencies must address them by March 14. The agency also added an IBM Aspera Faspex bug that can allow an attacker to execute arbitrary code.