Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 10, 2022
New Linux malware threat Symbiote has grabbed today’s headlines. It operates as a userland-level rootkit whose detection may be challenging for many of the security solutions out there. A wicked credit card skimmer, whose name is inspired by SMILODON (a saber-toothed tiger), has also been repurposed to steal data from WordPress e-Commerce sites, a shift from the Magento platform.
In the meantime, security bugs raised the stakes at HID Global, a firm that manufactures access control panels. It has warned that all of its OEM partners must immediately patch a high-severity vulnerability in its Mercury controllers. Otherwise, it may lead to both digital and physical breaches.
Student data leaked via misconfigured server
vpnMentor disclosed a misconfigured Microsoft Azure server exposing the personal and educational records of about 57,400 Israeli and Indian students via MyEasyDocs, an online documents verification platform. If the data was accessed by an unauthorized individual, it could be exploited to carry out identity-based phishing scams, marketing scams, or education-related fraud.
Russian radio interrupted for Ukraine’s anthem
Cyber adversaries hijacked the lunchtime bulletin of the Kommersant FM radio station in Russia, which is Kommersant newspaper’s radio offshoot. They reportedly played the Ukrainian anthem and antiwar song by the Russian rock band Nogu Svelo. The radio station is owned by Uzbek billionaire Alisher Usmanov, who was sanctioned by the U.S. and the EU after Russia’s invasion of Ukraine.
New Jersey school hit, exams postponed
A ransomware attack on New Jersey-based Tenafly Public Schools knocked the school’s Google Classroom, grading, and other systems offline. The school has canceled the final exams slated to begin on Monday, as authorities need time to restore the impacted systems. Soon after cybersecurity experts discovered ransomware on the systems, the FBI was pulled in.
Hacker misappropriated $200K via a public school
The board of education at Floyd County School District, Georgia, mistakenly wired nearly $200,000 to a bank account that it believed to be associated with the Ben Hill Roofing company. As per the report, hackers made an email request to set up a direct deposit for future payment. The incident came to light after the real Ben Hill Roofing reached out for payment.
Vice Society claims attack on an Italian city
An attack on the city of Palermo, Italy, last week has been claimed by the Vice Society ransomware group. It has posted an entry on its dark web data leak site with a warning to publish stolen data if the ransom demand is not met. The attack caused a major service outage at the municipality level.
WannaFriendMe ransomware impersonates Ryuk
MalwareHunterTeam discovered a new ransomware strain dubbed WannaFriendMe that forces victims to buy a decryptor from Roblox's Game Pass store using Robux in-game currency, instead of asking for a ransom in cryptocurrency. Moreover, the authors present it as a Ryuk variant, while in reality it is a Chaos ransomware strain.
Highly evasive Symbiote malware
Security researchers at Intezer and the BlackBerry Research & Intelligence Team named a newly detected malware targeting Linux systems Symbiote, owing to its parasitic nature. According to early findings, the malware was written to target the financial sector in Latin America. An interesting technical aspect of Symbiote is its Berkeley Packet Filter (BPF) hooking functionality, which it uses to hide malicious network traffic on an infected machine.
Smilodon targets WordPress eCommerce sites
A mischievous Magecart actor has been observed conducting skimming attacks against users of WordPress-based eCommerce platforms. Known as Smilodon, the malware was initially used as a backdoor in Magento environments and has lately turned to WordPress and WooCommerce as a credit card skimmer.
Vulnerable HID Mercury controllers
Trellix researchers found a total of eight vulnerabilities in Carrier’s LenelS2 access control products using HID Mercury controllers. Of the eight flaws, seven were identified as critical. These can be exploited by hackers to remotely unlock doors and perform command injection, cause DoS conditions, spoof information, and even deploy arbitrary files.
Google Chrome 102 Update
Google announced the release of a Chrome 102 browser update that addresses seven vulnerabilities. External researchers had reported four of these bugs, which include two use-after-free vulnerabilities in WebGPU (CVE-2022-2007 and CVE-2022-2011), an out-of-bounds memory access in WebGL (CVE-2022-2008), and an out-of-bounds read in compositing (CVE-2022-2010).
Three SAP bugs abused
The Onapsis Research Labs revealed details about the exploitation of three vulnerabilities that have been patched by SAP. The three flaws are identified as CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388. Two of the three CVEs have critical CVSS ratings, at least two of them have publicly available PoCs and exploits, and two are remotely exploitable over HTTP(S).
Spam emails drop Ursnif
McAfee Labs brought attention to mass spam emails by hackers leveraging macro capabilities in Microsoft Office. The malicious documents used in the phishing attack invoke a sense of urgency, fear, or similar emotions in users. When opened, these documents deliver the Ursnif trojan as the payload, aiming to infect as many devices as possible.
Travel-themed phishing lures
Bitdefender laid bare a travel-themed spam campaign that began in early March 2022. Experts warned that such phishing lures may use keywords related to summer vacation (booking receipt notices, booking confirmations, airline ticket giveaways) and may carry the branding of well-known airline companies to deliver survey-based giveaway scams. The rate of holiday phishing lures may also peak in June.