Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 11, 2023
A cybersecurity firm that unearthed the Scarleteel cryptomining campaign in February is once again cautioning against it. The threat actors have apparently entered a second phase, with newly evolved tactics for infection and exfiltration along with an added DDoS-as-a-service capability. The next warning is for gaming enthusiasts who download game hacks. Cybercriminals have targeted gamers via a bogus GitHub page offering a PUBG bypass hack project, jeopardizing their accounts and crypto wallets through an information stealer known as Legion.
Apple has rolled back its Rapid Security Response updates across a number of products. It had issued the updates to protect devices from a zero-day vulnerability under active exploitation. However, this particular update allegedly triggered unforeseen issues.
Bug cost millions of dollars
An undisclosed security flaw in Revolut’s payment systems in the U.S. was exploited to pilfer nearly $23 million from the company’s funds, a new report revealed. Though some of the money was recovered initially, the firm still incurred a net loss of about $20 million from this mass fraud scheme. Specific technical details of the vulnerability have not been made public yet.
System breach at NHS Trust
The IT systems of the U.K.’s Barts Health NHS Trust were breached by the BlackCat ransomware group, which stole employee PII. The ransomware gang has posted people's financial details, CVs, and copies of passports and driving licenses on its website as proof of the intrusion. Barts manages five hospitals in London and claims to serve roughly 2.5 million people.
Banks under attack
Deutsche Bank and its subsidiary Postbank confirmed a cyberattack affecting the personal information of an unspecified number of customers. Customers who used the account switching service in 2016, 2017, 2018, and 2020 are the purported victims. Attackers reportedly exploited a security bug in the software of an unnamed third-party service provider.
Legion Stealer in return for PUBG hack
Cyble security experts stumbled across a GitHub page that pretends to be a PUBG bypass hack project for players seeking an unfair advantage over others. Instead, it distributes a malicious file loaded with an info-stealer called Legion, which can collect a range of system information, target different crypto wallets, and extract passwords from web browsers. The stealer was initially advertised on Telegram as a hacking tool.
Scarleteel campaign targets AWS
The financially motivated threat actor known as Scarleteel has been observed abusing Amazon Web Services (AWS) Fargate with the objective of stealing credentials and intellectual property. The campaign exhibits a robust and covert C2 architecture that enhances resilience and maintains stealth. Additionally, it has expanded its arsenal to carry out DDoS attacks and more.
PoC exploit risks Ubiquiti routers
A heap overflow issue, tracked as CVE-2023-31998, was addressed in Ubiquiti EdgeRouter and Aircube devices. Now, researchers have developed a PoC exploit for the bug and successfully tested it against the Ubiquiti EdgeRouter-X, whose latest firmware still suffers from the same flaw. The flaw resides in the miniupnpd service and can be exploited by an attacker on the LAN. The company is not aware of any abuse of the bug in the wild.
Apple releases Rapid Security Response
Apple’s Rapid Security Response updates for iOS, iPadOS, macOS, and the Safari web browser were pulled by the company hours after their release. This round of updates addressed a zero-day vulnerability that was being actively exploited in the wild. Tracked as CVE-2023-37450, the flaw could allow unauthenticated users to achieve arbitrary code execution when a device processes specially crafted web content.