
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 1, 2022

FluBot’s down! The FluBot infrastructure, which its operators used to push tens of thousands of SMS lures an hour at Android users, is now in the hands of Dutch police. Meanwhile, the recently disclosed Microsoft bug Follina is under active exploitation, with several reports attributing attacks to China-linked groups.

Operations came to a standstill at hospitals and clinics in Costa Rica and at a Foxconn factory in Mexico after separate cyberattacks. The latter is being extorted for $34 million in BTC.

Top Breaches Reported in the Last 24 Hours

Costa Rica's hospitals and clinics hit

The Costa Rican Social Security Fund (CCSS) was hit by a major cyberattack. The incident forced the agency to take its digital record-keeping system offline, affecting nearly 1,200 hospitals and clinics. Patients were asked for their cooperation, as procedures may be delayed while the emergency lasts.

LockBit 2.0 encrypts Foxconn’s network

Attackers deployed LockBit 2.0 ransomware to encrypt sensitive personal and company data at a Foxconn factory in Mexico. They have threatened to leak the stolen files on June 11 if the victim doesn’t pay, reportedly demanding more than $34 million in BTC.

Top Malware Reported in the Last 24 Hours

Europol curbs FluBot

An international law enforcement operation involving 11 countries has reportedly disrupted the infamous FluBot Android malware, which stole passwords, banking details and other sensitive information and had also begun targeting iOS users. The malware’s primary distribution vector was smishing, SMS lures that walked victims through installing the malicious app.

Top Vulnerabilities Reported in the Last 24 Hours

**Chinese APT exploits Follina**

The Windows zero-day vulnerability identified as CVE-2022-30190, or Follina, is being exploited by the China-linked TA413 APT to target the international Tibetan community, using lures that impersonate its “Women Empowerments Desk.” The SANS Institute also found a document abusing the same flaw, carrying a Chinese-language filename. Follina sits in the Microsoft Support Diagnostic Tool (MSDT): an Office document can reach it through the ms-msdt: URL protocol, so code runs without any macros. Microsoft’s published workaround, pending a patch, is to disable the ms-msdt: protocol handler by backing up and then deleting the HKEY_CLASSES_ROOT\ms-msdt registry key.
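A static triage check for documents of this kind, added here as an example and not code from the briefing, Proofpoint or SANS: the publicly analyzed Follina lures are .docx files whose relationships part declares an OLE object with `TargetMode="External"`, so Word fetches the object from a remote HTML page that then invokes the ms-msdt: handler. The scanner below opens the .docx as a ZIP and flags that relationship pattern, plus the literal ms-msdt: scheme anywhere in the archive; the sample document is constructed inline and the URL is a placeholder. It complements, rather than replaces, disabling the protocol handler.

```python
"""Added example (not from the briefing, Proofpoint or SANS): a static check
for the structure Follina lure documents are known to use, an external OLE
object relationship in a .docx whose target is a remote HTML page that then
invokes the ms-msdt: handler. The sample document is constructed inline and
the URL is a placeholder."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
           "relationships/oleObject")
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious.

    Two checks: (1) any .rels part that declares an oleObject relationship
    with TargetMode="External" (the Follina loader pattern: the OLE object is
    fetched from a remote URL rather than embedded); (2) the literal ms-msdt:
    scheme anywhere in the archive, which catches variants that embed the
    payload instead of fetching it.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            raw = zf.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(raw)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if (rel.get("TargetMode") == "External"
                            and rel.get("Type") == OLE_REL):
                        findings.append(
                            f"{name}: external oleObject -> {rel.get('Target')}")
            if MSDT_RE.search(raw):
                findings.append(f"{name}: contains ms-msdt: scheme")
    return findings


def build_sample(external_target: Optional[str]) -> bytes:
    """Construct a minimal .docx for testing (constructed data, not a real
    malicious sample). With external_target set, the document carries the
    Follina-style external oleObject relationship."""
    rels = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        f'<Relationships xmlns="{REL_NS}">',
        '<Relationship Id="rId1" Target="styles.xml" Type="http://schemas.'
        'openxmlformats.org/officeDocument/2006/relationships/styles"/>',
    ]
    if external_target:
        rels.append(f'<Relationship Id="rId2" Type="{OLE_REL}" '
                    f'Target="{external_target}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/'
                    '2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/'
                    'wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", "\n".join(rels))
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL: the real lures pointed at attacker-controlled HTML.
    for hit in scan_docx(build_sample("http://lure.example/payload.html!")):
        print(hit)
```

Run it over a mail-gateway quarantine or a shared-drive sweep by calling `scan_docx(open(path, "rb").read())`; a benign document with embedded OLE objects returns nothing because its oleObject relationships have no `TargetMode="External"`. The check is deliberately narrow: it will not see RTF variants of the lure, which do not use the ZIP container.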

**The flaw that’s flawless**

SEC Consult reported a backdoor account on Korenix JetPort industrial serial device servers through which an unauthorized user can gain full control of affected devices. Tracked as CVE-2020-12501, the flaw was only made public after a lengthy disclosure process that began in 2020. The backdoor account reportedly uses the same password on every device, since it is stored in the firmware; a password recovered from one unit therefore works on all of them. The vendor, however, maintains the issue poses no threat. Until that changes, restricting network access to the devices is the practical mitigation.

Zero-day grips Horde Webmail

Users of Horde Webmail are exposed to an unpatched RCE vulnerability (CVE-2022-30287) that may allow attackers to compromise the webmail server. From there, they can intercept emails and read password-reset links and sensitive documents, leading to credential theft.

Top Scams Reported in the Last 24 Hours

Faking the U.K.’s home delivery service

Scammers have set up a fake site, which only loads in mobile browsers, impersonating the U.K. home delivery company Evri. The lure is a text message apologizing for a missed parcel delivery. The phishing page asks for personal identification details, a credit card number and bank details; anyone who enters them hands over both card data and bank account details to an unusually ambitious scam. The mobile-only gating also keeps the page away from desktop-based analysts and URL scanners.

Untargeted, RuneScape-themed phishing

A new phishing email targets players of RuneScape, the popular free MMORPG from Jagex, by spoofing the publisher. It tries to create panic by telling players that their email address has accidentally been added to someone else’s account and needs a quick fix. Victims are asked for their authenticator code and their in-game bank PIN, the PIN protecting the bank where players store their valuable items.
