Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 2, 2023
Welcome to 2023! Cyware wishes you a sparkling New Year :)
A doppelganger of a PyTorch dependency was seen in the wild; it could have led to system compromise through dependency confusion attacks. Meanwhile, a Linux malware variant is posing a threat to users via vulnerabilities in more than two dozen WordPress plugins and themes. Website users are advised to keep their web app components up to date.
Moving on, CISA listed a couple of actively exploited bugs related to TIBCO JasperReports products. The first is an information disclosure bug in the server component, and the other is a directory traversal flaw in its library.
Hackers target community college
Bristol Community College fell victim to a ransomware attack that impacted its internet-related communication systems, such as email and Teams, and rendered shared documents inaccessible for students and employees. Students and staff were asked to consider changing their credentials.
Medical data lay exposed
A report by JAMA Network found the medical information of approximately 42 million Americans being offered on underground marketplaces since 2016. The study analyzed trends in ransomware attacks on U.S. healthcare institutions between 2016 and 2021. The number of attacks also doubled in that period, experts noted.
Malicious PyTorch dependency
The PyTorch team has identified a malicious dependency within its framework library. The package shared its name with the torchtriton dependency. By exploiting this, an attacker could trigger dependency confusion attacks and compromise multiple systems. PyTorch admins advised users to uninstall the counterfeit dependency.
Unnamed Linux malware
An unprecedented strain of Linux malware was detected by security vendor Doctor Web. It abuses bugs in over two dozen plugins and themes for WordPress sites. The malware injects JavaScript code—called from a remote server—and redirects visitors to an arbitrary website of the threat actor’s choice.
BlackCat’s new tactic
The ALPHV/BlackCat ransomware group experimented with a new extortion tactic. It set up a copy of one victim's site and published the stolen data on it. The victim firm, which is in the financial services industry, apparently did not give in to the threat actor’s demands.
CISA lists JasperReports bugs
CISA added two-year-old security flaws impacting TIBCO Software’s JasperReports products to its catalog of most exploited vulnerabilities. The flaws, tracked as CVE-2018-5430 and CVE-2018-18809, are related to information disclosure and directory traversal issues, respectively.