Cyware Daily Threat Intelligence
Daily Threat Briefing • Jan 18, 2023
CISA is calling out serious ICS vulnerabilities in products from Siemens, GE Digital, Mitsubishi Electric, and Contec. The flaws range from remote code execution to command injection. Meanwhile, Trend Micro published details of a relatively new malware threat known as Batloader. In its campaigns the malware impersonates a plethora of legitimate software and applications, including Adobe, AnyDesk, Blender, Slack, TeamViewer, Zoho, and Zoom.
Security flaws were also found in Netcomm and TP-Link routers. While the bugs in Netcomm routers have been addressed, TP-Link routers still appear to be vulnerable.
FTX drained of $415 million
In a report to creditors, officials of the collapsed cryptocurrency exchange FTX declared that a cybercriminal stole nearly $415 million in cryptocurrency in a hack. The hacker allegedly carried out a series of unauthorized third-party transfers. A Coinbase director claims the hacker received tips on how to launder the stolen funds using mixing protocols.
Nissan USA’s customer data exposed
Nissan’s North America division disclosed a breach that exposed customer data belonging to 17,998 individuals. The exposure occurred at a third-party service provider owing to a poorly secured database. The exposed data includes full names, dates of birth, and NMAC account numbers.
Credential stuffing attack hits Norton LifeLock
Gen Digital, which owns Norton LifeLock, revealed that nearly one million active and inactive Norton LifeLock accounts were targeted by credential stuffing attacks. While the attack was aimed at Norton Password Manager users, Gen Digital's systems were not compromised. However, the risk remains that the same credentials are used in automated attacks to hijack users' unrelated accounts elsewhere.
Sensitive data of employees and jobseekers leaked
myrocket[.]co, an HR management portal, exposed personal and other sensitive data of employees through an unprotected 260GB database. The database allegedly contained information on nearly 200,000 employees and almost nine million job candidates. The exposure came to light after the discovery of a misconfigured Kibana instance.
A potential malware on the rise
Trend Micro published a report detailing the Batloader malware, which has anti-sandboxing capabilities and can fingerprint hosts to check whether they are legitimate targets. The modular malware abuses legitimate tools such as NirCmd.exe and Nsudo.exe to escalate privileges. First observed in the last quarter of 2022, it was found dropping several malware payloads, including Ursnif, RedLine Stealer, Vidar, Bumbleloader, ZLoader, Cobalt Strike, and SmokeLoader.
Router security in the fray
Two security holes in Netcomm routers, when chained together, enable a remote attacker to execute arbitrary code. The Netcomm flaws are tracked as CVE-2022-4873 and CVE-2022-4874. Furthermore, two unpatched security flaws, CVE-2022-4499 and CVE-2022-4498, were also reported in TP-Link routers.
Watch against ICS flaws - CISA
CISA warned of flaws in GE’s Proficy Historian product that can disrupt an operational ICS environment. Researchers spotted five critical and high-severity vulnerabilities affecting the product. Meanwhile, CISA also urged organizations to patch security flaws in Siemens, Mitsubishi Electric, and Contec products. The flaw in Siemens SINEC INS is considered the most serious among these.
Oracle addresses 327 bugs
Oracle released its first Critical Patch Update for 2023 wherein it fixed 327 security flaws. There were over 70 high-severity vulnerabilities in total. More than 200 of the security issues could be exploited remotely without authentication. The round of updates also includes 50 patches that resolve flaws in Fusion Middleware.