
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 17, 2023

The threat of spray-and-pray attacks continues to loom over vulnerable Zoho ManageEngine products owing to CVE-2022-47966. Researchers have announced an imminent PoC exploit. The arbitrary code execution flaw can give a skilled attacker complete control over the compromised system. A set of three rogue PyPI packages has once again attempted to disrupt software developers’ work. The packages in question are named colorslib, libhttps, and httpslib.

Fraud through Google Ads has been making headlines for the past few weeks. Attackers were able to carry out an attack on the crypto wallet of an NFT influencer, swindling over $50,000 worth of NFTs and cryptocurrency.

Top Breaches Reported in the Last 24 Hours

Norwegian software maker suffered breach

The servers of DNV, the Norway-based ShipManager software provider that helps manage about 1,000 shipping vessels globally, were knocked offline by a cyberattack. The attack comes amid heightened concerns over the weak security infrastructure of the global supply chain following the Russia-Ukraine conflict. However, the victim firm claimed there was no harm to any other software or data.

Google Ads malware steals big

An NFT influencer was scammed out of over $52,000 worth of NFTs in a phishing attack via malicious Google Ads. He reportedly lost at least 19 Ether ($27,000), a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs. The hacker moved most of the ETH through numerous wallets before swapping it for unknown cryptocurrencies through FixedFloat.

Top Malware Reported in the Last 24 Hours

A trio of fake PyPI packages

A threat actor identifying itself as Lolip0p was spotted uploading three rogue packages to the PyPI repository with the aim of carrying out supply chain attacks. The packages, named colorslib (versions 4.6.11 and 4.6.12), libhttps (version 4.6.12), and httpslib (versions 4.6.9 and 4.6.11), are designed to drop malware. The executable downloaded during the infection process is capable of dropping additional binaries.

Geopolitical themes to spread NjRAT

Trend Micro uncovered an ongoing campaign, dubbed Earth Bogle, targeting potential victims in the Middle East and Africa using geopolitical themes. The campaign drops NjRAT malware, which is served through public cloud storage services such as files.fm and failiem.lv. The enclosed malicious file claims to contain a “sensitive” audio file.

Top Vulnerabilities Reported in the Last 24 Hours

Announcement for PoC release

Security analysts will soon release PoC exploit code for a critical flaw that enables remote code execution without authentication in many Zoho and VMware products. The flaw, CVE-2022-47966, is due to the use of an outdated and vulnerable third-party dependency, Apache Santuario. The easy-to-abuse flaw is a suitable candidate for cybercriminals conducting spray-and-pray attacks.

GitHub Codespaces is vulnerable

New research revealed that a feature in GitHub Codespaces could be exploited by threat actors to deliver malware of their choice to a compromised device. Experts at Trend Micro demonstrated a scenario where they could serve malicious content at a rapid rate by exposing ports to the public.

Top Scams Reported in the Last 24 Hours

Smartphone users smashed with smishing

Danish smartphone users were bombarded with cryptic messages from a sender who goes by the moniker “Dansk-game”. The messages misinform users about their enrollment in a monthly pay-to-win plan. The URL appended to the SMSs lured them to an infamous website where players can find cracks for popular games.

Hackers leverage mobilization move by Russia

Hackers have turned the fear of mobilization among citizens of Russia into an opportunity to harvest the personal data of individuals. The hackers involved are sending out texts via Telegram, directing recipients to an infected site that purportedly contains a list of people who could be sent to fight in Ukraine in the coming months.
