Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 4, 2023
ProxyNotShell threats are far from over. Nearly 60,000 Exchange servers were found vulnerable to CVE-2022-41082, one of the two ProxyNotShell flaws. The number of vulnerable servers has dropped since mid-December's count, though not by much. Speaking of security holes, Qualcomm issued patches to fix five bugs that also affect some Lenovo models; the bugs could be abused to expose sensitive data and cause memory corruption.
The malware landscape has also gained a new threat, as disclosed by the ASEC team. Researchers stumbled across a new shell script compiler (shc)-based malware downloader that can deliver the XMRig miner to compromised systems.
Deezer exposes data of 200 million users
RestorePrivacy broke the news about a massive breach incident at music-streaming service Deezer. The hack, however, reportedly occurred at one of Deezer’s third-party service providers in 2019. The incident has resulted in the exposure of the personal data of over 200 million users.
LockBit hits Wabtec Corporation
U.S. rail and locomotive company Wabtec Corporation revealed it suffered a data breach by the LockBit ransomware group. The organization has confirmed the leak of sensitive data that was later posted on the threat actor's leak site. The hackers published the link to the stolen data after an extortion attempt failed.
Volvo Cars reports network intrusion
A hacker has put data stolen from Swedish vehicle manufacturer Volvo Cars up for sale on a hacker forum. The firm fell victim to a ransomware attack by the Endurance ransomware group, which emerged around November last year. The actor is offering the data to interested buyers for $2,500 in Monero cryptocurrency.
An shc-based downloader malware
The ASEC analysis team uncovered a new shell script compiler (shc)-based Linux malware that drops the XMRig miner on compromised systems. The attackers gained access through dictionary attacks against mismanaged Linux SSH servers. The attack chain spotted in the campaign included both the shc downloader malware and a Perl-based DDoS IRC bot.
Thousands of Exchange servers are vulnerable
The infamous RCE vulnerability CVE-2022-41082, aka the ProxyNotShell bug, is back in the headlines as researchers revealed that approximately 60,000 Exchange servers are yet to be patched against the threat. Successful exploitation of the bug allows adversaries to escalate privileges and execute arbitrary code on compromised servers.
Multiple bugs in Qualcomm chips
Researchers disclosed five bugs in Qualcomm chipsets that also affect Lenovo ThinkPad X13s laptops. The bugs, identified as CVE-2022-40516 through CVE-2022-40520, comprise memory corruption and information disclosure issues (the latter due to a buffer over-read in Core). Lenovo has released BIOS updates to patch the bugs.