Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 25, 2023
Watch out! Your organization can be the next target for threat actors. A new report reveals that approximately 400,000 corporate credentials are being sold on hacker forums and Telegram channels. The revelation comes after researchers analyzed nearly 20 million logs sold on underground forums.
In other threats, organizations have been urged to update Endpoint Manager Mobile (EPMM) to the latest versions, following a warning from Ivanti about widespread exploitation of a zero-day vulnerability. A new speculative execution flaw, dubbed Zenbleed, affecting AMD processors based on the Zen 2 microarchitecture also surfaced in the last 24 hours.
Yamaha confirms cyberattack
Yamaha’s Canadian music division confirmed dealing with a cyberattack after BlackByte and Akira ransomware groups claimed to have targeted the company. While BlackByte added the company’s name to its list of victims on June 14, Akira listed the company’s name on July 21. According to the company’s statement, the attack led to unauthorized access to systems and the theft of sensitive data.
Law firm notifies about a breach
Orrick, Herrington & Sutcliffe notified nearly 153,000 individuals of a data breach incident that impacted their personal information. The incident also affects the data of patients covered under a vision care benefits plan, whose data were compromised in another breach three years ago. An investigation revealed that the patients’ data was accessed by threat actors between February 28 and March 7.
Two million records dumped
Around two million records stolen from the Egyptian Ministry of Health and Population were found on the hacking forum Popürler. A sample of the dataset posted by the hackers included health information on around 1,000 people, such as their names, IDs, phone numbers, addresses, diagnosis details, and information on their treatments.
Around 400,000 corporate credentials are on sale
An analysis of nearly 20 million information-stealing malware logs revealed that approximately 400,000 corporate credentials are being sold on hacker forums and Telegram channels. Some of these credentials belong to business applications such as Salesforce, Hubspot, Quickbooks, AWS, GCP, Okta, and DocuSign. The credentials were stolen over the years by various information-stealing malware families, and the numbers indicate that attackers have achieved significant infiltration into different business environments.
New stalkerware app
A spyware app, Spyhide, stealthily collected private data from tens of thousands of Android phones around the world. Active since 2016, the spyware is designed to stay hidden on a victim’s phone home screen, making it difficult to detect and remove. The data came to light after a Switzerland-based hacker, who goes by the moniker ‘maia arson crimew,’ exposed the Spyhide dashboard, which contained records of about 60,000 compromised Android devices.
New Zenbleed vulnerability
A new vulnerability, tracked as CVE-2023-20593, affects AMD processors based on the Zen 2 microarchitecture. Categorized as a speculative execution flaw, it can be abused to exfiltrate information from sibling processes or VMs without any special privileges. A PoC exploit for the flaw has been disclosed, indicating attackers can leverage it to launch attacks.
MobileIron vulnerability exploited
Ivanti urged customers to apply a patch for a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, which is used by dozens of governments around the world. Concerns about the vulnerability grew after it was found that the flaw was being exploited in the wild. The issue affects versions 11.10, 11.9, and 11.8, as well as older end-of-life installations of the product. It has been fixed in versions 11.8.1.1, 11.9.1., and 11.10.0.2 of the product.
Apple patches another zero-day flaw
Apple rolled out security patches for another zero-day flaw used in the ‘Operation Triangulation’ exploit chain. Tracked as CVE-2023-38606, the flaw affects iOS, iPadOS, and macOS-powered devices. It was found that attackers exploited the flaw in versions prior to iOS 15.7.1.