Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 15, 2024
Security first! Safeguard your data by installing crucial bug fixes. Juniper Networks rushed to fix a critical RCE flaw in its SRX Series firewalls and EX Series switches, rated 9.8 on the CVSS scale. The vulnerability, posing a risk of unauthorized root access, affects multiple Junos OS versions. Meanwhile, GitLab addressed a critical severity bug that could allow attackers to bypass the email verification process, potentially leading to account takeovers. Also, the CISA has asked organizations to mitigate vulnerabilities in nine ICS products by applying the respective vendor patches.
On the malware side, the Azorult malware, originating from Russian hacking forums, has reappeared with an advanced strategy. The latest campaigns utilize deceptive PDF files in a multistage infection chain, deploying Azorult as both an information stealer and downloader.
Nonprofit focused on clean water access hit
Nonprofit organization Water for People fell victim to a ransomware attack by the Medusa Locker group. The attackers have listed the organization on their darknet site, threatening to publish stolen information unless a $300,000 extortion fee is paid. Water for People stated that the accessed data predates 2021, and no financial systems or business operations were compromised.
26.8GB tourist data exposed
Melbourne-based travel agency Inspiring Vacations experienced a significant data leak, with a 26.8GB database left publicly accessible without any security measures. The database contained 112,605 records, including high-resolution passport images, travel visa certificates, itinerary or ticket files, and personal information of 13,684 customers. The incident also impacted internal company documents, including 17,000 tax invoices to partners and affiliates.
Updated Azorult malware spotted
Azorult, a notorious malware first identified in 2016, has reportedly resurfaced on the dark web with a renewed and sophisticated approach. Known for stealing information, Azorult extracts sensitive data like browsing history, login credentials, and cryptocurrency details. Security analysts at Cyble disclosed that the attack involves a deceptive ZIP file containing a malicious shortcut file disguised as a PDF. The campaign follows a meticulous multistage infection chain, deploying Azorult with precision to avoid detection.
Microsoft exploit delivers Phemedrone Stealer
Despite being patched in November 2023, the CVE-2023-36025 Windows SmartScreen bypass vulnerability is still being exploited by malware distributors. The latest threat delivered through this vulnerability is a variant of the Phemedrone Stealer. Written in C#, the malware is capable of collecting a wide range of sensitive information from targeted devices, including system details, files, browser data, and credentials from various applications.
Over 100 flaws addressed
Juniper Networks released more than two dozen security advisories fixing over 100 security issues affecting its products, particularly Junos OS. The most critical flaw, CVE-2024-21591, impacted Junos on SRX series firewalls and EX series switches, allowing an unauthenticated attacker to execute arbitrary code and gain root privileges. Several high-severity vulnerabilities affected third-party components in products like Juniper Security Director Insights and Session Smart Router.
Password reset threat haunts GitLab
GitLab patched a critical vulnerability, CVE-2023-7028, that could enable attackers to hijack the password reset process. The flaw, introduced in GitLab version 16.1.0, allows password reset messages to be sent to unverified email addresses, potentially leading to account takeover. The vulnerability affects GitLab Community Edition and Enterprise Edition versions 16.1 to 16.7.1. Additionally, another high-severity bug, CVE-2023-5356, was addressed, preventing the abuse of Slack/Mattermost integrations to execute slash commands as another user.
Apple resolves keyboard injection bug
Apple has released Magic Keyboard firmware update 2.0.6 to fix a recently disclosed Bluetooth keystroke injection vulnerability (CVE-2024-0230). Discovered by Marc Newlin of SkySafe, the flaw is a session management issue allowing an attacker with physical access to extract the Bluetooth pairing key and monitor Bluetooth traffic. The vulnerability could be exploited by an attacker in proximity to inject keystrokes. This may lead to actions like unauthorized app installation, command execution, and message forwarding.
CISA urges mitigation of ICS flaws
The CISA urged critical infrastructure organizations to address vulnerabilities in nine industrial control systems products. These vulnerabilities, ranging from high to critical severity, impact products widely used in sectors like energy, manufacturing, and transportation. The affected products include Rapid SCADA, Horner Automation Cscape, Schneider Electric Easergy Studio, Siemens Teamcenter Visualization and JT2Go, Siemens Spectrum Power 7, Siemens SICAM A8000, Siemens SIMATIC CN 4100, and Siemens Solid Edge.