
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 2, 2023

For the first time, attackers have managed to bypass UEFI Secure Boot on Windows 11. The bootkit, dubbed BlackLotus, exploits a security flaw tracked as CVE-2022-21894, also known as Baton Drop. How the attackers initially deploy the bootkit on a victim's machine remains unknown. E-commerce consumers face another threat, named R3NIN. Sold as a ready-to-use toolkit, this credit card sniffer currently comes in two versions, both of which intercept and extract all data the victim enters on an online shopping page.

A flaw in the OAuth implementation of Booking.com has been addressed just in time. Salt Labs researchers spotted the security hole, which lay in the integration between Facebook and the travel booking platform.

Top Breaches Reported in the Last 24 Hours

Top British retailer exposes employee data

WH Smith disclosed a data breach that exposed information belonging to current and former employees. The retailer hasn't confirmed the number of victims; it employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. The firm clarified that customer accounts and the underlying customer databases are on separate systems and are unaffected by the breach.

Cyberattack hits community college in California

College of the Desert, a public community college in California, disclosed a breach affecting 800 individuals. The incident caused a nearly month-long outage of the school's phone and internet services. The attack itself occurred roughly nine months ago. Officials said they have received no reports of the stolen data being misused.

Top Malware Reported in the Last 24 Hours

New RAT hitting crypto companies

Parallax RAT has emerged as a new threat to crypto firms. The malware uses process injection techniques to evade detection. Its features include uploading and downloading files, taking screenshots, and recording keystrokes. The attacks are notable for their use of Notepad to open a chat with the victim and give instructions on how to join an attacker-controlled Telegram channel.

UEFI bootkit bypasses Windows 11 Secure Boot

The BlackLotus bootkit was discovered interfering with UEFI Secure Boot, a crucial platform security feature, and it can run even on fully up-to-date Windows 11 systems. The robust, persistent 80 KB bootkit is written in Assembly and C. It also has geofencing capabilities that prevent it from infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine.

R3NIN - New card skimmer

Cybersecurity analysts at Cyble reported on R3NIN, an online skimmer that pilfers payment card data and PII from unsuspecting individuals while they check out from online shops. The toolkit can generate unique JavaScript injection code, manage exfiltrated data, manage compromised payment card information (across different browsers), check BINs, parse data, and generate statistics.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches critical bug

Cisco released a fix for a bug affecting its IP Phone 6800, 7800, 7900, and 8800 Series equipment. The bug, CVE-2023-20078, is a command injection issue in the web-based management interface, caused by insufficient validation of user-supplied input. Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the device.
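The vulnerability class behind the Cisco bug (user input concatenated into an OS command with insufficient validation) is shown below in a small added example. This is illustrative Python written for this briefing, not Cisco's firmware code, and the "ping a host" management action, the allowlist pattern and the sample inputs are all constructed assumptions. The vulnerable handler builds a shell string; the hardened one validates against an allowlist and passes an argument list so no shell ever parses the input. `echo` stands in for the real tool so the demo is harmless to run.

```python
import re
import subprocess

# Constructed allowlist for the one parameter this handler accepts (a hostname or
# IPv4 literal): letters, digits, dots and hyphens only. No shell metacharacter
# (';', '|', '$', '`', quotes, spaces) can pass this check.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: the request parameter is concatenated straight into a
    shell command string. Whatever the caller appends becomes shell syntax."""
    return f"ping -c 1 {host}"


def run_unsafe(host: str) -> str:
    """Executes the concatenated string through /bin/sh (shell=True).
    'echo' replaces the real tool; a constructed value such as
    '10.0.0.1; echo INJECTED' is parsed by the shell as two commands,
    which is exactly the behaviour an unauthenticated attacker abuses."""
    result = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return result.stdout


def validate_host(host: str) -> str:
    """Reject anything outside the allowlist before it reaches a command."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return host


def build_command_safe(host: str) -> list[str]:
    """Hardened pattern: validate first, then build an argv list. With no shell
    involved, the value is always a single argument, never parsed as syntax."""
    return ["ping", "-c", "1", validate_host(host)]


def run_safe(host: str) -> str:
    """Same action as run_unsafe, but validated and executed without a shell."""
    argv = ["echo", validate_host(host)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def is_rejected(host: str) -> bool:
    """True when the allowlist validator blocks the input."""
    try:
        validate_host(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "10.0.0.1; echo INJECTED"          # constructed test input
    print("unsafe output:", run_unsafe(payload).splitlines())
    print("safe rejects payload:", is_rejected(payload))
    print("safe output for valid host:", run_safe("10.0.0.1").strip())
```

Running it shows the unsafe path returning two lines (`10.0.0.1` and `INJECTED`), while the hardened path refuses the same input and only ever executes the validated host as one argument. The defensive lesson is the combination: an allowlist on each parameter plus an argv-style invocation, since either control alone is easier to get wrong.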

Vulnerability affecting OAuth protocol

One of the biggest online travel booking platforms in the world, Booking.com, addressed an OAuth protocol vulnerability. The bug enabled an attacker to take over users' Facebook accounts and perform actions on their behalf while gaining full visibility into the account. A proof of concept for the attack was privately reported, and the firm mitigated the risk promptly.

Top Scams Reported in the Last 24 Hours

Digital Smoke - An investment scam

Experts at Resecurity uncovered one of the largest investment fraud networks, known as Digital Smoke, in which scammers impersonate well-known Fortune 100 firms from the U.S. and the U.K. The campaign spans Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, the United Arab Emirates, Saudi Arabia, Mexico, the U.S., and other regions.
