
Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 23, 2023

How long before you patch a publicly disclosed vulnerability? In a recent incident, threat actors from China successfully exploited a 17-year-old bug in Microsoft Office. The campaign targeted government officials from France, the United Kingdom, Australia, India, and Singapore who attended a session on global food security at the G7 Summit. Meanwhile, CISA has expanded its KEV list by adding six additional security flaws. The cyber landscape also witnessed a Mirai botnet variant leveraging 22 security issues across IoT devices from some of the market's top vendors.

Furthermore, the NSA has urged organizations to harden their systems against the BlackLotus UEFI bootkit malware. According to officials, there is widespread confusion and unjustified safety practices around the threat.

Top Breaches Reported in the Last 24 Hours

Unsecured instance of 3CX

The Cybernews research team stumbled across yet another incident of 3CX data exposure, this time due to open Elasticsearch and Kibana instances at a third-party vendor. The exposed data could potentially be leveraged by adversaries to gain unauthorized access to 3CX networks once again, to spy on 3CX clients, or to prepare more sophisticated attacks.

UPS Canada suffers breach

UPS Canada has shared a letter titled "Fighting phishing and smishing - an update from UPS" with its customers, warning them that their personal data was exposed and could fuel phishing attempts. During the investigation, it was discovered that the criminals behind the ongoing SMS phishing campaign used its package tracking tools to gain access to customers' delivery database.

RateForce blurts out plethora of data

US auto insurance price comparison site RateForce suffered a massive data breach that exposed more than 250,000 documents in a 93.93GB data trove. The documents contained the personal and sensitive information of numerous individuals from the U.S., such as Medicaid or health insurance cards, utility bills, and letters from banks showing active accounts.

Meet more MOVEit victims

The data of 2.5 million Genworth Financial policyholders and of about 769,000 retired California state employees and other beneficiaries has been hit by a breach. The incident is connected to a common vendor who apparently fell victim to the MOVEit zero-day attack. The criminal gang responsible for the hack has been identified as Cl0p.

Personal data exposed by agriculture firm

Dole, an Irish agriculture MNC, disclosed the leak of personal data of 3,885 U.S. employees in a ransomware attack in February. The attack reportedly caused a temporary shutdown of its North American operations and incurred approximately $10.5 million in loss during the first quarter.

Top Malware Reported in the Last 24 Hours

Mirai botnet exploits 22 vulnerabilities

Unit 42 researchers uncovered a modified version of the Mirai botnet that is actively abusing at least 22 security flaws in devices manufactured by the likes of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek. The attackers aim to take control of these devices and utilize them to carry out DDoS attacks. Notably, this Mirai variant lacks the feature to brute force telnet/SSH login credentials.

NSA nullifies BlackLotus malware

The NSA has released a guide on mitigating attacks associated with the BlackLotus bootkit malware. The sophisticated piece of malware gained significant attention in October 2022 when it surfaced on dark web forums with a price tag of $5,000 for potential buyers. The malware enables attackers to execute malicious code on Windows 10 and Windows 11 systems before the operating system boots.

Top Vulnerabilities Reported in the Last 24 Hours

17-year-old vulnerability exploited

It is alleged that Chinese actors exploited a 17-year-old vulnerability in Microsoft Office to target foreign government officials who participated in a G7 summit held in Hiroshima, Japan. The vulnerability, tracked as CVE-2017-11882, is a memory corruption bug that allows attackers to execute arbitrary code on compromised devices. Microsoft fixed this vulnerability in 2017. The targeted officials received emails from criminals posing as Indonesia's Ministry of External Affairs and Department of Economic Affairs.

Many drones are highly vulnerable

Researchers at smart city security provider Angoka identified 156 different threats to drone control systems. The top 50 threats fall into four categories: reporting falsified data, denying access to real-time data, impersonation of UAS and its operator, and tampering with telemetry data. Shadi Razak, CEO of Angoka, said, “Many drones are insecure by design.”

CISA updates KEV list

CISA has added six more security flaws to its list of known exploited vulnerabilities. These include a VMware RCE bug tracked as CVE-2023-20887, a Mozilla Firefox/Thunderbird use-after-free (CVE-2016-9079), and a Microsoft Win32k privilege escalation issue (CVE-2016-0165). The update also features three other issues that Fancy Bear abused to infiltrate Ukraine's Roundcube email servers; the primary objective of that campaign was to harvest military intelligence through various means.