Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 20, 2023
Cyber adversaries are targeting two path traversal vulnerabilities in a Jira plugin that allow them to read arbitrary files on the server. Patch it as a priority, because technical details and PoC exploits are publicly available. Additionally, researchers have observed attackers attempting to download the files Jira uses to store database passwords. On the security-flaw front, an advisory has been released notifying users of security bugs in GE's Cimplicity human-machine interface and SCADA product, which is used extensively by major organizations worldwide, including those in critical infrastructure sectors.
What's more, approximately 934 Redis systems may be vulnerable to a new P2P worm that researchers have dubbed P2PInfect. Attackers abuse the Lua sandbox escape bug in vulnerable Redis instances.
Recycling services malfunction
Norwegian recycling firm TOMRA suffered a cyberattack that impacted its supply chain management and operations at major office locations. The company’s reverse vending machines for recycling bottles and cans have been impacted differently based on geography and the age of the machines. The attack has not been claimed by any criminal group.
Russian medical lab targeted
A cyberattack has hit Russian medical laboratory Helix, disrupting its systems and preventing customers from receiving test results. The hackers attempted to infect the company's systems with ransomware; however, the lab's tech team was able to restore partial functionality without paying the ransom. While no customer data was leaked, many customers complained of not receiving results and sought refunds.
Ransomware actors cripple cosmetic firm
Both Alphv/BlackCat and Cl0p ransomware groups claimed to have targeted Estee Lauder in a recent breach, knocking some of its systems offline. It remains unclear whether ransomware was deployed or if it is a case of data theft-based extortion. Meanwhile, the Cl0p group says it is in possession of 131GB of data.
Data of millions of patients stolen
Tampa General Hospital confirmed that nearly 1.2 million patients' confidential information, including SSNs, was stolen by a criminal group. The compromised data may include names, addresses, phone numbers, dates of birth, health insurance information, and limited treatment details. The hospital's medical record system was not accessed.
P2P worm abuses Redis instances
Cybersecurity researchers discovered a new P2P worm named P2PInfect that targets vulnerable Redis instances for exploitation. The worm is notable for its use of the critical Lua sandbox escape flaw, identified as CVE-2022-0543, to infect systems. It is written in Rust, which makes its attacks more scalable than those of other worms. Moreover, it can establish P2P communication with a larger network to fetch additional malicious binaries and propagate the malware to other exposed Redis and SSH hosts.
Critical Jira plugin bugs
The SANS team warns of two path traversal vulnerabilities in the Stagil navigation for Jira - Menus & Themes plugin that cybercriminals are exploiting. The plugin, available on the Atlassian marketplace, allows users to customize their Jira instance with a custom navigator and sub-menus. Tracked as CVE-2023-26255 and CVE-2023-26256, the high-severity flaws could enable attackers to read arbitrary files on the server, potentially accessing sensitive information like credentials and application data.
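The two plugin bugs above belong to the path traversal class, where a client-supplied file name is joined to a directory without checking that the result stays inside it. The following added example (not code from the plugin, Atlassian or SANS) shows the defensive check a file-serving handler should apply, and reuses it to hunt for traversal attempts in access logs; the root directory, endpoint paths and log lines are constructed for illustration.

```python
import os
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed base directory; the check only compares normalised strings,
# so nothing needs to exist on disk.
ROOT = "/srv/jira/plugin-files"

def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Map a client-supplied relative path to a file under root.

    Returns the normalised absolute path, or None when the request would
    escape root (the defect behind path traversal bugs).
    """
    decoded = user_path
    for _ in range(2):              # also catches double-encoded %252e%252e
        decoded = unquote(decoded)
    if "\x00" in decoded:           # NUL bytes can truncate paths in native code
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")   # never allow an absolute path
    root = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root, decoded))
    # After normalisation, a safe path still has root as its common prefix.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def flag_traversal(log_text: str, root: str = ROOT) -> List[str]:
    """Return request targets whose path or any query value escapes root."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/', line)
        if not m:
            continue
        target = m.group(1)
        parts = urlsplit(target)
        values = [parts.path.lstrip("/")]
        values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(resolve_under_root(root, v) is None for v in values):
            hits.append(target)
    return hits

# Constructed access-log sample: two benign requests and two traversal attempts.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2023:10:01:02 +0000] "GET /static/themes/logo.png HTTP/1.1" 200 512
10.0.0.5 - - [20/Jul/2023:10:01:03 +0000] "GET /static/themes/../../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - - [20/Jul/2023:10:02:11 +0000] "GET /static/themes/?file=..%2F..%2F..%2Fdb.xml HTTP/1.1" 200 2210
10.0.0.9 - - [20/Jul/2023:10:02:12 +0000] "GET /static/themes/?file=dark.css HTTP/1.1" 200 77
"""

if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

A request that normalises to a path outside the root is rejected before any file is opened, so even a URL-encoded or double-encoded `..` sequence cannot reach files beyond the intended directory.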
Oracle’s monthly patch update
Oracle released 508 new security patches in its July 2023 Critical Patch Update (CPU), with over 75 addressing critical-severity vulnerabilities. More than 350 patches fix vulnerabilities exploitable remotely without authentication. The Financial Services division received the highest number of patches (147), and various other products like Fusion Middleware and Communications Applications also received numerous fixes. Successful exploitation of these flaws could lead to system or application compromise.
Over a dozen ICS bugs
GE recently patched 14 vulnerabilities in its Cimplicity human-machine interface and supervisory control and data acquisition (SCADA) product. The flaws included memory corruption vulnerabilities that could lead to arbitrary code execution. These vulnerabilities, assigned CVE-2023-3463, were reminiscent of past attacks by the Russian state-sponsored hacker group Sandworm, known for its disruptive attacks on Ukraine's energy sector.