
Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 10, 2022

New Linux malware threat Symbiote has grabbed today’s headlines. It operates as a userland-level rootkit whose detection may be challenging for many of the security solutions out there. A wicked credit card skimmer, whose name is inspired by SMILODON (a saber-toothed tiger), has also been repurposed to steal data from WordPress e-Commerce sites, a shift from the Magento platform.

In the meantime, security bugs raised the stakes at HID Global, a firm that manufactures access control panels. It has warned that all of its OEM partners must immediately patch a high-severity vulnerability in its Mercury controllers; otherwise, the flaw may lead to both digital and physical breaches.

Top Breaches Reported in the Last 24 Hours

Student data leaked via misconfigured server

vpnMentor disclosed a misconfigured Microsoft Azure server exposing the personal and educational records of about 57,400 Israeli and Indian students via MyEasyDocs, an online documents verification platform. If the data was accessed by an unauthorized individual, it could be exploited to carry out identity-based phishing scams, marketing scams, or education-related fraud.

Russian radio interrupted for Ukraine’s anthem

Cyber adversaries hijacked the lunchtime bulletin of the Kommersant FM radio station in Russia, which is Kommersant newspaper’s radio offshoot. They reportedly played the Ukrainian anthem and antiwar song by the Russian rock band Nogu Svelo. The radio station is owned by Uzbek billionaire Alisher Usmanov, who was sanctioned by the U.S. and the EU after Russia’s invasion of Ukraine.

New Jersey school hit, exams postponed

A ransomware attack on New Jersey-based Tenafly Public Schools knocked the school’s Google Classroom, grading, and other systems offline. The school has canceled the final exams slated to begin on Monday, as authorities need time to restore the impacted systems. Soon after cybersecurity experts discovered ransomware on the systems, the FBI was pulled in.

Hacker misappropriated $200K via a public school

The board of education at Floyd County School District, Georgia, mistakenly wired nearly $200,000 to a bank account that it believed to be associated with the Ben Hill Roofing company. As per the report, hackers made an email request to set up a direct deposit for future payment. The incident came to light after the real Ben Hill Roofing reached out for payment.

Vice Society claims attack on an Italian city

An attack on the city of Palermo, Italy, last week has been claimed by the Vice Society ransomware group. It has posted an entry on its dark web data leak site with a warning to publish stolen data if the ransom demand is not met. The attack caused a major service outage at the municipality level.

Top Malware Reported in the Last 24 Hours

WannaFriendMe ransomware impersonates Ryuk

MalwareHunterTeam discovered a new ransomware strain dubbed WannaFriendMe that forces victims to buy a decryptor from Roblox's Game Pass store using Robux in-game currency, instead of asking for a ransom in cryptocurrency. Moreover, the authors disguised it as a Ryuk variant, although in reality it is a Chaos ransomware strain.

Highly evasive Symbiote malware

Security researchers at Intezer and the BlackBerry Research & Intelligence Team named a newly detected Linux malware Symbiote owing to its parasitic nature. According to early findings, the malware was written to target the financial sector in Latin America. An interesting technical aspect of Symbiote is its Berkeley Packet Filter (BPF) hooking functionality, which it uses to hide malicious network traffic on an infected machine.

Smilodon targets WordPress eCommerce sites

A Magecart actor has been observed conducting skimming attacks against users of WordPress-based eCommerce platforms. Known as Smilodon, the malware was initially used as a backdoor in Magento environments and has lately turned to WordPress and WooCommerce as a credit card skimmer.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable HID Mercury controllers

Trellix researchers found a total of eight vulnerabilities in Carrier’s LenelS2 access control products using HID Mercury controllers. Of the eight flaws, seven were identified as critical. They can be exploited by hackers to remotely unlock doors, perform command injection, cause DoS conditions, spoof information, and even deploy arbitrary files.

Google Chrome 102 Update

Google announced the release of a Chrome 102 browser update that addresses seven vulnerabilities. External researchers had reported four of these bugs, which include two use-after-free vulnerabilities in WebGPU (CVE-2022-2007 and CVE-2022-2011), an out-of-bounds memory access in WebGL (CVE-2022-2008), and an out-of-bounds read in compositing (CVE-2022-2010).

Three SAP bugs abused

Onapsis Research Labs revealed details about the exploitation of three vulnerabilities that have been patched by SAP. The three flaws are identified as CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388. Two of the three CVEs have critical CVSS ratings, and at least two have publicly available PoCs and exploits. Furthermore, two of the bugs are remotely exploitable over HTTP(S).

Top Scams Reported in the Last 24 Hours

Spam emails drop Ursnif

McAfee Labs brought attention to mass spam emails by hackers leveraging macro capabilities in Microsoft Office. The malicious documents used in the phishing attack invoke a sense of urgency, fear, or similar emotions in users. When opened, they deliver the Ursnif trojan as a payload to infect as many devices as possible.

Travel-themed phishing lures

Bitdefender laid bare a travel-themed spam campaign that began early in March 2022. Experts warned that such phishing lures may include keywords related to summer vacation (Booking receipt notices, Booking confirmations, Airline ticket giveaways) and may include the branding of well-known airline companies to deliver survey-based giveaway scams. Also, the rate of holiday phishing lures may peak in June.