
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 3, 2023

A new variant of the RustBucket macOS malware has been identified in the wild, underscoring how quickly macOS-targeted malware continues to evolve. The variant is attributed to the North Korea-linked BlueNoroff APT group. In other news, Meduza Stealer, a newcomer to the Crimeware-as-a-Service (CaaS) ecosystem, goes after everything from login credentials to browsing history and is built with an operational design intended to evade detection.

A critical vulnerability was disclosed in the Ultimate Member plugin for WordPress. With more than 200,000 active installs and exploitation already under way, it poses a significant risk to affected sites and needs to be patched urgently.

Top Breaches Reported in the Last 24 Hours

HHS hack compromised 100,000

Following last week's breach disclosure affecting the Department of Health and Human Services (HHS), officials have clarified that the incident may have exposed the personal data of at least 100,000 people. HHS confirmed that its own systems were not compromised; attackers obtained the data by exploiting the MOVEit Transfer vulnerability at one of its contractors.

Top Malware Reported in the Last 24 Hours

North Korean actor upgrades macOS malware

Elastic Security Labs researchers identified a new variant of the RustBucket malware that targets Apple macOS systems. RustBucket was first documented in April, and the North Korea-backed BlueNoroff APT group is assessed to be behind it. The variant collects system information, such as the list of running processes and the current time, and checks whether it is running inside a VM before proceeding.

Meduza Stealer targets wallets, browsers, and miners

A new Windows-based information stealer called Meduza Stealer was spotted by researchers at Uptycs. It harvests browsing data and other sensitive information from 95 web browsers, 76 cryptocurrency wallets, and 19 password manager applications. It also steals Windows Registry entries related to cryptocurrency miners and collects a list of installed games.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress plugin under attack

A critical vulnerability, tracked as CVE-2023-3460, was reported in the Ultimate Member WordPress plugin, which has over 200,000 active installations. The flaw is in the plugin's registration form handling, which allowed a registrant to set user meta such as wp_capabilities and thereby place the new account in the administrator role, granting unauthorized control over affected WordPress sites. The plugin maintainers have acknowledged that the flaw is being actively exploited, so administrators should update the plugin and audit their sites for administrator accounts they did not create.
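As an added example (not code from the plugin or from the briefing), the following Python script shows the kind of post-exploitation audit a practitioner would run after this advisory: it walks rows in the shape of the WordPress wp_users and wp_usermeta tables, parses the PHP-serialized capabilities array that WordPress stores under wp_capabilities, and flags administrator accounts that are either missing from a known-admin baseline or were registered after a chosen date. The sample rows, the baseline, and the cut-off date are all constructed for illustration; on a real site you would export the two tables (for example with `wp db query`) and feed them in.

```python
import re
from datetime import datetime

# Constructed sample rows shaped like wp_users (ID, user_login, user_registered)
# and wp_usermeta (user_id, meta_key, meta_value). Not real data.
SAMPLE_USERS = [
    (1, "siteowner", "2021-03-04 09:12:00"),
    (2, "editor_jane", "2022-11-20 14:30:00"),
    (3, "wpadmins", "2023-06-29 02:17:45"),
    (4, "subscriber_bob", "2023-06-30 11:05:10"),
]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (4, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
]

# WordPress serializes roles as a PHP array: a:1:{s:13:"administrator";b:1;}
# Each enabled role appears as s:<len>:"<role>";b:1; so a regex is enough here.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_roles(serialized):
    """Return the set of enabled role names in a serialized capabilities array."""
    return set(ROLE_RE.findall(serialized))


def find_rogue_admins(users, usermeta, known_admins, since, table_prefix="wp_"):
    """Flag administrator accounts not in the baseline or registered after `since`.

    users:        iterable of (ID, user_login, user_registered)
    usermeta:     iterable of (user_id, meta_key, meta_value)
    known_admins: set of logins that are expected to hold the administrator role
    since:        cut-off timestamp (string in TS_FMT); admins registered at or
                  after this time are flagged even if they are in the baseline
    table_prefix: the site's table prefix, because the meta key is
                  <prefix>capabilities rather than a fixed name
    """
    cap_key = table_prefix + "capabilities"
    roles_by_user = {}
    for uid, key, value in usermeta:
        if key == cap_key:
            roles_by_user[uid] = parse_roles(value)

    since_dt = datetime.strptime(since, TS_FMT)
    findings = []
    for uid, login, registered in users:
        if "administrator" not in roles_by_user.get(uid, set()):
            continue
        reasons = []
        if login not in known_admins:
            reasons.append("not in admin baseline")
        if datetime.strptime(registered, TS_FMT) >= since_dt:
            reasons.append("registered on or after " + since)
        if reasons:
            findings.append(
                {"id": uid, "login": login, "registered": registered, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    # Hypothetical baseline and cut-off chosen for the sample data.
    for hit in find_rogue_admins(
        SAMPLE_USERS, SAMPLE_USERMETA, {"siteowner"}, "2023-06-01 00:00:00"
    ):
        print(f"user {hit['id']} ({hit['login']}) registered {hit['registered']}: "
              + "; ".join(hit["reasons"]))
```

The baseline check catches an attacker-created admin regardless of when it was registered, and the date check catches a legitimate login that was re-used or promoted during the exploitation window. Treat any hit as a starting point for a wider review (plugin version, web server access logs around the registration time, and other user meta on the flagged account), not as the whole investigation.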

CISA flags Samsung and D-Link flaws

CISA has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including six Samsung smartphone bugs and two D-Link router issues. According to experts, there are no public reports describing abuse of the Samsung bugs, but they were likely exploited by a commercial spyware vendor. The D-Link router bugs, by contrast, are confirmed to be exploited by a Mirai botnet variant.
