
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 5, 2023

Ever since the developer of the SpyNote spyware made its source code public, the number of samples detected has spiked significantly, noted experts at ThreatFabric. The malware authors have also started a new spyware project that could be sold as a paid application, and hence a potential threat in the future. A modified variant of QuasarRAT was observed in a phishing campaign aimed at Ecuador-based organizations. The emails in the campaign purported to come from Colombian government officials.

Moving on, Fortinet and Zoho have discovered flaws in their applications with ‘high’ severity ratings. While the bug in Zoho was fixed, Fortinet customers are recommended to upgrade to the new versions as and when they become available.

Top Breaches Reported in the Last 24 Hours

Slack’s source code repo accessed

Slack disclosed that its private GitHub code repositories were accessed by hackers over the holidays. The adversaries reached its externally hosted repositories using stolen employee tokens. However, Slack’s primary codebase and customer data remain unaffected.

AWS storage leak incident

Cricketsocial[.]com, an online cricket community, exposed over 100,000 private customer records and admin credentials via an unprotected AWS instance. While most of the data appeared to be test data, security experts confirmed that the PII of genuine site users was also affected. The database also laid bare the plaintext credentials of a website administrator, which could enable an account takeover attack.

Twitter data up for sale

A hacker has dumped a data set containing the email addresses of 200 million Twitter users. This set is allegedly a subset of the 400-million-record set that was circulating in November, cleaned of duplicates. BleepingComputer has, however, confirmed that it still contains duplicates.

CircleCI’s new breach warning

Software development service CircleCI disclosed unauthorized access to its network by unknown individuals. It has urged users to rotate any and all secrets stored in CircleCI, including the ones stored as project environment variables or in contexts. Projects using API tokens were invalidated and users are required to replace them.

Top Malware Reported in the Last 24 Hours

New SpyNote variant detected

SpyNote spyware is back with an upgraded version that continues to target financial institutions. The Android malware boasts a wide range of capabilities, from installing arbitrary apps to intercepting SMS messages and calls. Malware actors have impersonated Deutsche Bank, Kotak Mahindra Bank, HSBC U.K., and Nubank in these campaigns.

Blind Eagle uses QuasarRAT

APT-C-36, aka Blind Eagle, is targeting Ecuador-based organizations in a new campaign involving a version of QuasarRAT. The threat group has been impersonating the Colombian government in phishing emails and attaching malicious documents or malicious links to them.

Top Vulnerabilities Reported in the Last 24 Hours

Patch your Fortinet appliance

A high-severity bug was found impacting multiple versions of the FortiADC application delivery controller. The bug, tracked as CVE-2022-39947, could lead to arbitrary code execution attacks. Meanwhile, Zoho also urged customers of Access Manager Plus, PAM360, and Password Manager Pro to upgrade to the latest versions in light of a SQL injection bug, CVE-2022-47523.

Bugs in vehicle systems

Cybersecurity researcher Sam Curry and colleagues disclosed several flaws in vehicles from top manufacturers including Kia, Honda, Infiniti, Nissan, Acura, Rolls Royce, Ferrari, Ford, Mercedes-Benz, Genesis, BMW, Porsche, Toyota, Jaguar, and Land Rover. These flaws could be abused for malicious activities such as unlocking cars or tracking them.
