Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 20, 2023
ASUS has addressed both ‘Critical’ and ‘High’ rated security vulnerabilities in the latest round of firmware updates for multiple router models. The two critical ones, an out-of-bounds write and a memory corruption issue, are each rated 9.8 on the CVSS scale, and the vendor has urged users to install the update. Researchers took the wraps off a year-long cyberattack campaign deploying a custom Golang malware called RDStealer. All of the compromised machines were Dell-manufactured devices, which the researchers say was no coincidence. The malware strain focused on stealing credentials and extracting data from compromised hosts.
Moving on. A one-of-a-kind scam has come to light wherein a Connecticut man orchestrated a million-dollar scam targeting DoorDash drivers in California. The criminal hid more than $700,000 of the stolen money inside various lockboxes.
Thousands of school victims
Des Moines Public Schools, Iowa's largest school district, announced falling victim to a ransomware incident on January 9, 2023, which knocked its network systems offline. It will be contacting 6,700 victims whose data was compromised in the aftermath of the attack. School officials further clarified that no payment of ransom has been made or will be made in response to this attack.
Compromised ChatGPT accounts
A research report by Group-IB disclosed that the number of compromised ChatGPT credentials offered for sale on the dark web has surpassed 100,000. Phishing campaigns were the primary means of hijacking or stealing these ChatGPT accounts. Asia-Pacific was the hardest-hit region, based on the number of credentials being offered from that region.
Android apps extract location data
Cyfirma, a cybersecurity firm, spotted three Android apps aimed at harvesting sensitive data from targeted devices, such as location data and contact lists. It flagged nSure Chat and iKHfaa VPN as suspicious, while the third did not appear malicious; notably, all three apps come from the same contributor. Experts attribute the operation to an Indian hacking group known as "DoNot," also tracked as APT-C-35.
Malware steals credential and other data
Bitdefender security experts laid bare a more than year-long credential and data exfiltration campaign aimed at an unnamed IT company located in East Asia. In the initial stages of the operation, the attackers relied on commonly available RATs (such as AsyncRAT) and Cobalt Strike beacons. In a later stage, they dropped a server-side backdoor called RDStealer, which collects clipboard content and keystroke data from the compromised systems.
ASUS issues critical updates
Taiwanese hardware maker ASUS rolled out a firmware update for a wide range of its router models. It patches nine security flaws in its Asuswrt firmware: two are classified as ‘Critical’, six as ‘High’, and the remaining one is still undergoing analysis and assessment. The first critical bug, CVE-2018-1160, is an out-of-bounds write in certain versions of Netatalk that was first disclosed nearly five years ago. The second, CVE-2022-26376, is a memory corruption issue in the Asuswrt firmware itself.
Buggy Zyxel NAS devices
Zyxel released security updates fixing a critical security hole in its network-attached storage (NAS) devices. The flaw, tracked as CVE-2023-27992, is a pre-authentication command injection: an unauthenticated attacker can remotely execute arbitrary operating-system commands on an affected device by sending a specially crafted HTTP request, with no credentials required.
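To make the bug class concrete, here is an added, self-contained illustration of pre-authentication command injection in a CGI-style HTTP handler, alongside the hardened form. This is example code written for this briefing, not Zyxel's firmware or any code from the advisory; the `/cgi-bin/ping` endpoint, the `host` parameter and the request line are constructed for the demonstration, and `echo` stands in for the real command so the snippet runs anywhere and the injected payload (`echo INJECTED`) is harmless.

```python
"""Pre-auth command injection: vulnerable handler vs hardened handler.

Illustrative example only (not Zyxel's code). A hypothetical unauthenticated
/cgi-bin/ping endpoint takes a `host` query parameter and runs an OS command with it.
"""
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Constructed request line: the attacker smuggles a shell metacharacter (%3B = ';')
# into the `host` parameter. The injected command is a harmless `echo INJECTED`.
REQUEST_LINE = "GET /cgi-bin/ping?host=127.0.0.1%3Becho%20INJECTED HTTP/1.1"

# Allowlist for a hostname or IPv4 literal. The first character must be alphanumeric,
# which also blocks option injection (a `host` of "-n" would otherwise become a flag).
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def host_param(request_line: str) -> str:
    """Extract the decoded `host` query parameter from a raw HTTP request line."""
    target = request_line.split(" ")[1]
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return params.get("host", [""])[0]


def vulnerable_command(host: str) -> str:
    """VULNERABLE: untrusted input is concatenated into a string handed to `sh -c`.
    Any shell metacharacter in `host` (; | & $() ` ) becomes part of the command."""
    return f"echo {host}"


def run_vulnerable(host: str) -> str:
    """Executes the concatenated string through the shell and returns stdout."""
    return subprocess.run(
        vulnerable_command(host), shell=True, capture_output=True, text=True
    ).stdout


def hardened_argv(host: str) -> list:
    """HARDENED: reject anything outside the allowlist, then build an argv list.
    No shell is involved, so metacharacters have no special meaning even if the
    allowlist were ever loosened."""
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["echo", host]


def run_hardened(host: str) -> str:
    """Executes the validated argv list without a shell and returns stdout."""
    return subprocess.run(
        hardened_argv(host), shell=False, capture_output=True, text=True
    ).stdout


if __name__ == "__main__":
    host = host_param(REQUEST_LINE)
    print("vulnerable path output:", repr(run_vulnerable(host)))  # two lines: host, INJECTED
    try:
        run_hardened(host)
    except ValueError as exc:
        print("hardened path:", exc)
    print("hardened path, benign input:", repr(run_hardened("127.0.0.1")))
```

The point a practitioner should take from the two paths is that the fix is not escaping: the hardened handler validates the parameter against a strict allowlist before it does anything and then passes an argument vector rather than a shell string, so a second command simply cannot be expressed. In a pre-authentication handler this matters even more, because there is no account to disable and no session to revoke; the only effective mitigation for the real device is the vendor firmware update.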
DoorDash drivers scammed
An individual scammer swindled nearly $950k from DoorDash drivers through social engineering. The scheme began with a bogus DoorDash order, which revealed the assigned driver's details; the scammer then contacted that driver by text or phone while posing as DoorDash support. From there, the driver would be convinced to hand over banking details or log in to a fake portal, resulting in the loss of funds.