
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 18, 2024

North Korean hackers have struck again, deploying a new variant of BeaverTail malware targeting macOS users. The malware pretends to be a legit video calling service, asking unsuspecting victims to join a job interview by downloading a malicious app.

Thousands of Google Cloud-hosted websites are affected by a new variant of HTTP request smuggling known as TE.0, which also impacts vital services such as Identity-Aware Proxy.

While crypto doubling schemes are nothing new, this latest one takes the cake. Scammers are using hijacked YouTube channels to push Elon Musk deepfake live streams, stating that he would reveal insights into the assassination attempt on Donald Trump.

Top Malware Reported in the Last 24 Hours

New malware campaign exploits RDPWrapper

Cybercriminals have been spotted exploiting legitimate tools like RDPWrapper and Tailscale to gain unauthorized access and control over cryptocurrency users' systems through a sophisticated multi-stage attack campaign. RDPWrapper enables multiple RDP sessions per user, allowing threat actors to maintain persistent access to compromised systems discreetly. Tailscale is used by attackers to establish a secure, private network connection, facilitating remote command execution and data exfiltration. The attackers have focused on Indian users within the cryptocurrency ecosystem.

DPRK hackers tweak malware

North Korean hackers have developed a new variant of their BeaverTail malware to target macOS users. The malware is disguised as a legitimate video calling service called Microtalk. The hackers lure victims into downloading the malicious Microtalk app installer by asking them to join a job interview. The cloned Microtalk site claims no download is required, but the fine print is overlooked by victims. Apart from stealing data, BeaverTail also executes additional payloads, including InvisibleFerret.

Top Vulnerabilities Reported in the Last 24 Hours

New flaw affects Google Cloud websites

A new variant of the HTTP request smuggling attack called TE.0 affected thousands of Google Cloud-hosted websites, compromising services like Identity-Aware Proxy. HTTP request smuggling is a web security flaw in which attackers exploit inconsistencies in how servers and intermediaries decide where one HTTP request in a sequence ends and the next begins. The technique, similar to the CL.0 variant, uses the Transfer-Encoding header to enable mass zero-click account takeovers on susceptible systems.
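As an added illustration, not taken from the briefing or from any Google Cloud component, the hypothetical front-end check below refuses to forward a request whose body framing is ambiguous, which is the disagreement between hops that every smuggling variant, TE.0 included, depends on. The allow-list of transfer-codings and the sample requests are constructed for this example.

```python
import re

# Hypothetical pre-forwarding check for a reverse proxy (constructed example).
# RFC 9112 section 6.3: a request carrying both Content-Length and
# Transfer-Encoding, duplicate or non-numeric Content-Length values, or an
# unrecognised transfer-coding must not be forwarded, because a back end may
# frame the body differently from the front end (CL.0 / TE.0 style desync).
TE_TOKENS_OK = {"chunked", "gzip", "deflate", "compress", "identity"}  # assumed allow-list

def parse_head(raw: bytes):
    """Split a raw request head into (request_line, [(name_lower, value)]).
    Returns None for the header list when a line is malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        # obs-fold continuation lines and lines without ':' are parsed
        # inconsistently across implementations, so treat them as ambiguous
        if ":" not in line or line[0] in " \t":
            return lines[0], None
        name, value = line.split(":", 1)
        # whitespace between the field name and ':' is another classic
        # desync trick ("Content-Length : 5"); reject rather than normalise
        if not name or name != name.rstrip():
            return lines[0], None
        headers.append((name.lower(), value.strip()))
    return lines[0], headers

def framing_verdict(raw: bytes) -> tuple:
    """Return ("forward", "") or ("reject", reason) for a raw request head."""
    _, headers = parse_head(raw)
    if headers is None:
        return "reject", "malformed header line"
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    if cl and te:
        return "reject", "both Content-Length and Transfer-Encoding present"
    if len(set(cl)) > 1:
        return "reject", "conflicting Content-Length values"
    if any(not re.fullmatch(r"[0-9]+", v) for v in cl):
        return "reject", "non-numeric Content-Length"
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if any(c not in TE_TOKENS_OK for c in codings):
            return "reject", "unrecognised transfer-coding"
        if codings[-1] != "chunked":
            return "reject", "chunked must be the final transfer-coding"
    return "forward", ""
```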

Atlassian issues patches

Atlassian has released security updates to address several high-severity vulnerabilities in its Bamboo, Confluence, and Jira products, including issues that could allow SSRF, file inclusion, and DoS attacks. Bamboo Data Center and Server had two high-severity vulnerabilities: CVE-2024-22262 and CVE-2024-21687. Confluence Data Center and Server had seven high-severity vulnerabilities. Jira Software and Service Management had a high-severity vulnerability, tracked as CVE-2022-41966.

Cisco fixes SSM On-Prem bug

A critical vulnerability in Cisco's Smart Software Manager On-Prem (SSM On-Prem) allows unauthenticated, remote attackers to change the password of any user, including administrators, on vulnerable systems. The vulnerability is caused by an improper implementation of the password-change process in the SSM On-Prem authentication system. This critical flaw (CVE-2024-20419) has a maximum severity rating and impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).

Top Scams Reported in the Last 24 Hours

Trump assassination news and crypto scams

Cybercriminals are using deepfake videos of Elon Musk on hijacked YouTube channels to promote a cryptocurrency doubling scam. The scam claims that Musk plans to provide financial support to Trump's presidential campaign. The videos encourage viewers to participate in a cryptocurrency giveaway by scanning a QR code, which leads to fraudulent websites. To protect against these scams, users are advised to be cautious of click-bait videos, not to scan QR codes promising crypto giveaways, and to use trusted security solutions.
