Cyware Daily Threat Intelligence

Daily Threat Briefing Jan 12, 2023

Researchers warned of yet another sensitive bug affecting Chrome and Chromium-based browsers that could let an attacker steal files containing confidential data. Abuse of the bug, dubbed SymStealer, could expose sensitive data such as crypto wallets and cloud credentials. Meanwhile, an Asus router model was found to contain three critical vulnerabilities, one of them—with a CVSS score of 9.0—posing a threat to the administrative rights of the targeted device.

That’s not all. Security analysts unearthed a ransomware attack campaign wherein hackers stayed hidden in the targeted network for five months before moving laterally to infect more systems and steal data.

Top Breaches Reported in the Last 24 Hours

Social marketplace suffers data exposure

Social commerce website trustanduse[.]com inadvertently laid bare users’ personal and business information via an 855GB database for at least six months. The leak concerned sensitive data of users, including usernames, full names, phone numbers, Facebook IDs, and hashed passwords of 439,000 users.

PII and PHI compromised

A cybercriminal gained unauthorized access to the Bay Bridge Administrators’ network, compromising both the PII and PHI of nearly 250,000 individuals. The affected data includes names, addresses, birth dates, SSNs, driver’s license numbers, and medical and health insurance information of clients.

Operation at Royal Mail interrupted

Customers of the U.K.’s Royal Mail were asked to stop sending parcels and letters internationally owing to a cyberattack. The postal service faced temporary disruption in dispatching customers’ items. It has not yet revealed the nature of the incident.

Top Malware Reported in the Last 24 Hours

Lorenz ransomware abuses Mitel devices

Security experts at S-RM revealed that Lorenz ransomware attackers exploited a severe vulnerability in Mitel telephony infrastructure to move laterally, harvest data, and encrypt systems. According to the report, the attackers waited five months before taking over the victim's network.

Raspberry Robin’s deep dark secret

A new analysis of Raspberry Robin by cybersecurity firm SEKOIA found that the threat actors can repurpose their command-and-control (C2) infrastructure to infect more servers. The operators used compromised QNAP NAS devices, reached via domain names, as the first C2 tier, acting as a validator and forwarder. These initially compromised servers act as forward proxies to the next, as-yet-unknown tier.

Top Vulnerabilities Reported in the Last 24 Hours

12 security updates by SAP

SAP rolled out 12 new and updated security notes under its January 2023 Security Patch Day. The release includes seven ‘hot news’ notes, the most severe category of vulnerabilities. An SQL injection bug in Business Planning and Consolidation MS lets an attacker read, delete, or modify data. The bug has a CVSS score of 9.9 and is tracked as CVE-2023-0016.

Server takeover bug in SugarCRM

A high-severity vulnerability in SugarCRM was being exploited by hackers to inject malware onto users’ devices. Successful exploitation of the flaw gives a hacker control over victims’ servers. Researchers have made hotfixes available for the flaw, which was a zero-day when the exploit code was posted online.

SymStealer flaw patched

A security flaw in Google Chrome and Chromium-based browsers that could allow the theft of sensitive files has been addressed by security experts. The issue, dubbed SymStealer, originated from the way the browser interacted with symlinks while processing files and directories. The medium-severity issue is tracked as CVE-2022-3656.
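The SymStealer item above describes the general vulnerability class rather than Chromium's code: a program that accepts a user-supplied file or directory and follows symbolic links while processing it can be tricked into reading a file the user never meant to share. The following added example, which is not from Cyware's briefing nor from the Chromium project, shows a naive file collector that follows symlinks beside a hardened one that refuses them. All file names, the "upload" directory layout and the helper names (`naive_collect`, `hardened_collect`, `build_demo`) are constructed for the demonstration; it assumes a POSIX system where symlinks can be created without special privileges.

```python
"""Symlink handling when processing user-supplied files (added example).

The demo builds a scratch tree in which an 'upload' folder contains a
harmless file plus two symlinks that point outside the folder: one
disguised as a wallet file, one to a directory holding a private key.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# O_NOFOLLOW makes open() fail instead of silently following a link
# (Unix only; 0 on platforms that lack it, so the realpath check below
# still applies).
_O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def naive_collect(root: str) -> Dict[str, bytes]:
    """Read every file under root, following symlinks: the behaviour
    class behind SymStealer. Returns {relative path: contents}."""
    out: Dict[str, bytes] = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=True):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:          # open() follows symlinks
                out[os.path.relpath(path, root)] = fh.read()
    return out


def hardened_collect(root: str) -> Tuple[Dict[str, bytes], List[str]]:
    """Read files under root but refuse anything reached through a symlink
    or resolving outside root. Returns (collected, refused relative paths)."""
    root_real = os.path.realpath(root)
    out: Dict[str, bytes] = {}
    refused: List[str] = []
    for dirpath, dirs, files in os.walk(root, followlinks=False):
        # Do not descend into symlinked directories at all.
        for d in list(dirs):
            if os.path.islink(os.path.join(dirpath, d)):
                refused.append(os.path.relpath(os.path.join(dirpath, d), root))
                dirs.remove(d)
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                refused.append(rel)
                continue
            # Belt and braces: the resolved path must stay inside root.
            if os.path.commonpath([root_real, os.path.realpath(path)]) != root_real:
                refused.append(rel)
                continue
            fd = os.open(path, os.O_RDONLY | _O_NOFOLLOW)
            with os.fdopen(fd, "rb") as fh:
                out[rel] = fh.read()
    return out, refused


def build_demo() -> Tuple[str, str]:
    """Create the constructed scratch tree; returns (upload_dir, secret_path)."""
    base = tempfile.mkdtemp(prefix="symstealer_demo_")
    secret = os.path.join(base, "outside_secret.txt")
    Path(secret).write_bytes(b"CONSTRUCTED-SECRET-DO-NOT-LEAK")
    private = os.path.join(base, "private")
    os.mkdir(private)
    Path(os.path.join(private, "id_rsa")).write_bytes(b"CONSTRUCTED-PRIVATE-KEY")
    upload = os.path.join(base, "upload")
    os.mkdir(upload)
    Path(os.path.join(upload, "readme.txt")).write_bytes(b"harmless")
    # A symlink disguised as an ordinary file, and a symlink to a directory.
    os.symlink(secret, os.path.join(upload, "wallet.dat"))
    os.symlink(private, os.path.join(upload, "all"))
    return upload, secret


if __name__ == "__main__":
    upload_dir, _ = build_demo()
    print("naive   :", sorted(naive_collect(upload_dir)))
    got, skipped = hardened_collect(upload_dir)
    print("hardened:", sorted(got), "refused:", skipped)
```

The hardened version layers two independent checks: `os.path.islink` (via `lstat`) before opening, and a `realpath` containment test against the root, so a link introduced between the check and the open is still caught by `O_NOFOLLOW` where the platform supports it. Logging the `refused` list is also a cheap detection signal, since legitimate uploads rarely contain symlinks.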

Buggy Asus routers

Cisco Talos released technical information on three critical bugs impacting the Asus RT-AX82U, a Wi-Fi 6 gaming router. The most severe of them is an authentication bypass flaw exploitable via a series of specially crafted HTTP requests, which could be used to gain administrative access to the device.
