
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 20, 2023

ASUS has addressed both ‘Critical’ and ‘High’ rated security vulnerabilities in the latest round of updates for multiple router models. The critical ones are an out-of-bounds write and a memory corruption issue, each rated 9.8 on the CVSS scoring system. ASUS has urged users to install the firmware update. Researchers took the wraps off a year-long cyberattack campaign deploying a custom Golang malware called RDStealer. Notably, and not by coincidence, all of the compromised machines were Dell-manufactured devices. The malware strain focused on stealing credentials and exfiltrating data from compromised hosts.

Moving on. A one-of-a-kind scam has come to light wherein a Connecticut man orchestrated a million-dollar scam targeting DoorDash drivers in California. The criminal hid more than $700,000 of the stolen money inside various lockboxes.

Top Breaches Reported in the Last 24 Hours

Thousands of school victims

Des Moines Public Schools, Iowa's largest school district, announced that it fell victim to a ransomware incident on January 9, 2023, which knocked its network systems offline. The district will be contacting 6,700 victims whose data was compromised in the aftermath of the attack. School officials further clarified that no ransom has been paid or will be paid in response to this attack.

Compromised ChatGPT accounts

A research report by Group-IB disclosed that the number of compromised ChatGPT credentials available for purchase on the dark web has surpassed the milestone of 100,000. Phishing campaigns were the primary means of hijacking or stealing these ChatGPT accounts. Asia-Pacific was the hardest-hit region, based on the number of credentials being offered for that region.

Top Malware Reported in the Last 24 Hours

Android apps extract location data

Cyfirma, a cybersecurity firm, spotted three Android apps aimed at harvesting sensitive data, such as location data and contact lists, from targeted devices. It flagged nSure Chat and iKHfaa VPN as suspicious applications, while the third did not appear malicious. Notably, all three apps come from the same contributor. According to experts, the operation has been attributed to an Indian hacking group known as "DoNot," also identified as APT-C-35.

Malware steals credentials and other data

Bitdefender security experts laid bare a year-long credential and data exfiltration campaign aimed at an unnamed IT company located in East Asia. During the initial stages of the operation, attackers relied on commonly available RATs (such as AsyncRAT) and Cobalt Strike beacons to facilitate their activities. In a later stage, the attackers dropped a server-side backdoor called RDStealer, which is equipped with functionality to collect clipboard content and keystroke data from the compromised systems.

Top Vulnerabilities Reported in the Last 24 Hours

ASUS issues critical updates

Taiwanese computer accessories maker ASUS rolled out an update for its wide range of router models. It patches nine security flaws in its Asuswrt firmware; two are classified as ‘Critical’ and six are labeled ‘High’ severity. The remaining vulnerability is still undergoing analysis and assessment. The first critical bug, identified as CVE-2018-1160, affects certain versions of Netatalk and had existed for nearly five years. The second, designated CVE-2022-26376, concerns the Asuswrt firmware itself.

Buggy Zyxel NAS devices

Zyxel released security updates fixing a critical security hole found in its network-attached storage (NAS) devices. The flaw, tracked as CVE-2023-27992, is a pre-authentication command injection issue. It can potentially allow an unauthenticated user to remotely execute arbitrary commands on affected systems by sending a specially crafted HTTP request.

Top Scams Reported in the Last 24 Hours

DoorDash drivers scammed

An individual scammer swindled nearly $950k from DoorDash drivers by employing sophisticated social engineering tactics. The theft would begin by placing a bogus DoorDash order, receiving the driver's details, and then contacting said driver via text or phone claiming to be from the DoorDash support team. From here, the driver would be convinced to hand over banking details or log in to a fake portal, resulting in the loss of funds.
