Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 3, 2023
A new variant of the RustBucket malware targeting macOS has been identified in the wild, a reminder that macOS-focused malware keeps evolving. The variant is believed to be the work of the North Korea-linked BlueNoroff APT group. In other news, Meduza Stealer, a newcomer to the Crimeware-as-a-Service (CaaS) market, harvests everything from login credentials to browsing history and is built with a "crafty" operational design to evade detection.
A high-severity vulnerability was also disclosed in the Ultimate Member plugin for WordPress. With more than 200,000 active installs and in-the-wild exploitation already confirmed, it poses a significant risk to affected sites and needs to be addressed urgently.
HHS contractor breach affects 100,000
Following last week's breach disclosure involving the Department of Health and Human Services (HHS), officials have clarified that the incident may have exposed the personal data of at least 100,000 people. HHS confirmed that its own systems were not compromised; the attackers obtained the data by exploiting the MOVEit Transfer vulnerability at one of the department's contractors.
North Korean actor upgrades macOS malware
Elastic Security Labs researchers identified a new variant of the RustBucket malware that targets Apple macOS systems. RustBucket was first documented in April, and the North Korea-backed BlueNoroff APT group is believed to be behind it. The variant collects system information, such as the list of running processes and the current time, and checks whether it is running inside a virtual machine.
Meduza Stealer also targets miner data
A new Windows-based information stealer called Meduza Stealer was spotted by cybersecurity researchers at Uptycs. It harvests browsing data and other sensitive information from 95 web browsers, 76 crypto wallets, and 19 password manager apps. It also steals miner-related Windows Registry entries and collects a list of installed games.
WordPress plugin under attack
A high-severity vulnerability, tracked as CVE-2023-3460, was reported in the Ultimate Member WordPress plugin, which has over 200,000 installations. This vulnerability enables attackers to add a new user account to the administrators' group, granting them unauthorized access and control over affected WordPress websites. The plugin maintainers have acknowledged the ongoing exploitation.
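Because the impact of this flaw is a rogue administrator account, the first thing a site owner should do after patching is review who holds the administrator role and when each account was created. The query below is an added example for that check; it is not part of the advisory or of the plugin's own code. It assumes a MySQL/MariaDB backend and the default `wp_` table prefix (note that the `capabilities` meta_key carries the same prefix, so both must be changed together on installs that use a custom prefix).

```sql
-- Hunt for administrator accounts in a WordPress database, newest first.
-- Assumes the default table prefix "wp_"; on other installs replace both
-- the table names and the 'wp_capabilities' meta_key accordingly.
SELECT
    u.ID,
    u.user_login,
    u.user_email,
    u.user_registered,
    m.meta_value AS capabilities      -- serialized PHP array of roles
FROM wp_users AS u
JOIN wp_usermeta AS m
    ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%administrator%'
  -- Narrow to accounts created in the last 30 days; widen the window if the
  -- site has been running the vulnerable plugin for longer than that.
  AND u.user_registered >= NOW() - INTERVAL 30 DAY
ORDER BY u.user_registered DESC;
```

Any administrator in the result that staff do not recognize should be treated as a compromise indicator, not just deleted: rotate credentials and API keys, review plugins and themes for additions, and check for scheduled tasks or uploaded files created around the same timestamp. On hosts with WP-CLI, `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered` gives the same inventory without a direct database login.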
CISA flags Samsung and D-Link flaws
CISA has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including six Samsung smartphone bugs and two D-Link router flaws. According to experts, there are no public reports describing abuse of the Samsung bugs, but they were likely exploited by a commercial spyware vendor. The D-Link router flaws, by contrast, have been confirmed as exploited by a Mirai botnet variant.