Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 7, 2022
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Jul 7, 2022
Along with the popularity of the Linux OS, the number of attack campaigns has also shot up. OrBit marks the fourth Linux malware to have been detected by security researchers within three months. Another malicious operation, dubbed CuteBoi, has been discovered posing a software supply chain threat through NPM packages. Assumed to be at a nascent stage, the packages include code from eazyminer, a tool for mining Monero via unused resources on web servers.
Besides, Fortinet released a large number of firmware and software updates fixing a wide range of vulnerabilities. A hacker could abuse these flaws to access MySQL databases while achieving privilege escalation across Windows versions.
Community college in California targeted
College of the Desert is reported to have suffered a cyberattack that culminated in a systemwide outage for most of its online services. An official said that it is a malware attack but did not clarify whether it was a ransomware attack. There’s a temporary site launched by the community college that has counseling resources and information on summer classes.
Unprotected data on unsecured storage server
American Marriage Ministries, a wedding officiant training organization, disclosed a data exposure event through an unsecured Amazon blob storage. It was found blurting out approximately 630 GB of data on about 185,000 officiants and roughly 15,000 married couples and their guests. The data was stored without any password protection or encryption controls.
New Linux-based backdoor
A never-seen-before Linux backdoor has surfaced that can be installed either with persistence capabilities or as a volatile implant. Known as OrBit, the malware infects all of the running processes on the compromised machines. The backdoor aims to extract data by hooking the read and write functions to capture data during the machine runtime.
When Follina brought a company
Fortinet researchers stumbled across a malicious document that not only exploited the Follina vulnerability (CVE-2022-30190) but also pulled in the Rozena backdoor. The backdoor injects a remote shell and establishes a connection with the attacker’s machine. Hackers carry out a fileless attack by leveraging the public Discord CDN attachment service.
New unusual RaaS family
U.S. cybersecurity and intelligence agencies found the new Maui ransomware, which is the brainchild of North Korean government-backed hackers. The ransomware has been targeting the healthcare sector in the U.S. since at least May 2021. What’s odd about this malware family is that it lacks multiple key features that one can generally associate with a RaaS service.
**Cryptomining operation by CuteBoi **
Researchers at Checkmarx spotted a software supply chain threat actor, dubbed CuteBoi, running a large-scale cryptocurrency mining campaign via the NPM JavaScript package repository. It has the ability to bypass the NPM 2FA challenge. All the packages contain a near-identical source code from an already existing package named eazyminer.
Multiple flaws addressed in Fortinet systems
Fortinet issued a set of patches to address vulnerabilities affecting several of its endpoint security products. About a quarter of high severity flaws is relative path traversal bugs in the management interface of FortiDeceptor that may allow a remote hacker to access and delete arbitrary files from the underlying filesystem.