Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 2, 2023
For the first time, hackers have broken through the UEFI Secure Boot defenses on Windows 11. The bootkit, dubbed BlackLotus, exploits a security flaw tracked as CVE-2022-21894, aka Baton Drop. The method the attackers use to deploy the bootkit remains unknown. E-commerce consumers have another threat hovering over them in the form of R3NIN. Offered as a ready-to-use toolkit, the credit card sniffer currently comes in two versions that intercept and extract all data the victim enters on an online shopping page.
An OAuth implementation flaw at Booking.com has been addressed just in time. Salt Labs researchers spotted the security hole, which lay in the integration between Facebook and the travel booking platform.
Top British retailer exposes employee data
WH Smith disclosed a data breach that exposed information belonging to current and former employees. The retailer hasn't confirmed the number of victims; however, it employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. The firm clarified that customer accounts and the underlying customer databases are on separate systems and were unaffected by the breach.
Cyberattack hits community college in California
College of the Desert, a public community college in California, announced it suffered a breach affecting 800 individuals. The incident caused a nearly month-long outage of the school's phone and internet services. The attack originally occurred roughly nine months ago. Officials said they had not received any reports of the stolen data being misused.
New RAT hitting crypto companies
Parallax RAT has emerged as a new threat to crypto firms. The malware uses injection techniques to evade detection. Its features include uploading and downloading files, taking screenshots, and recording keystrokes. The attacks are notable for using Notepad to start chats with victims and instruct them on how to join an attacker-controlled Telegram channel.
UEFI bootkit bypasses Windows 11 Secure Boot
The BlackLotus bootkit was discovered bypassing UEFI Secure Boot, a crucial platform security feature, and it can run even on fully up-to-date Windows 11 systems. The robust, persistent 80 KB bootkit was written in Assembly and C. It also has geofencing capabilities that prevent it from infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine.
R3NIN - New card skimmer
Cybersecurity analysts at Cyble reported on R3NIN, an online skimmer that pilfers payment card data and PII from unsuspecting individuals while they check out from online shops. The toolkit can generate unique JavaScript injection code, manage exfiltrated data, manage compromised payment card information (across different browsers), check BINs, parse data, and generate statistics.
Cisco patches critical bug
Cisco released a patch for a bug affecting its IP Phone 6800, 7800, 7900, and 8800 Series devices. The bug, CVE-2023-20078, is a command injection issue in the web-based management interface caused by insufficient validation of user-supplied input. Successful exploitation allows an unauthenticated user to execute arbitrary commands.
Vulnerability affecting OAuth protocol
Booking.com, one of the world's largest online travel booking platforms, addressed an OAuth protocol vulnerability. The bug enabled an attacker to take over users' Facebook accounts and perform actions on their behalf while gaining full visibility into the account. A proof of concept (PoC) for the attack was privately reported, and the firm mitigated the risk promptly.
Digital Smoke - An investment scam
Experts at Resecurity uncovered one of the largest known investment fraud networks, Digital Smoke, in which scammers impersonate well-known Fortune 100 firms from the U.S. and the U.K. The campaign spans Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, the United Arab Emirates, Saudi Arabia, Mexico, the U.S., and other regions.