Cyware Daily Threat Intelligence
Daily Threat Briefing • Mar 17, 2023
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Mar 17, 2023
For this particular hack, just a phone number is enough! Security researchers cautioned against baseband RCE flaws in Samsung’s Exynos chipsets that experienced threat actors could exploit to covertly compromise impacted devices. Hence, technical details about the flaws were not shared. Beware! Malicious versions of WhatsApp and Telegram apps were seen targeting victims’ bitcoin wallets. In this case, researchers claim they witnessed Android clippers relying specifically on instant messaging apps for the first time. Criminals also use the Optical Character Recognition (OCR) technique to pilfer wallet recovery phrases in case the users have saved a screenshot of it.
A ransomware group, whose free decryptor key was released in January, has plans to monetize solely through stolen data to extort ransoms from victims. Also, they have started threatening victims with legal risks that a data breach disclosure would entail.
Crpto-exchange platform breach
Security analysts at Website Planet found an unprotected database pertaining to Fiatusdt, an online currency exchange platform. The affected data include names, bank account details, purchase and sales records, and other sensitive data. Researchers were able to view as many as 20,000 passports and identity card images that appeared to belong to individuals worldwide.
**Patient data leak in Alabama **
NorthStar Emergency Medical Services, an Alabama-based ambulance service, announced a breach incident affecting 82,450 patients. The breach, however, occurred in September 2022 and may have compromised patient data including SSNs and insurance data. It’s unclear who could be behind the breach as officials did not name anyone.
Free decryptor for MeowCorp
Someone reportedly dropped a cache of 258 private keys of MeowCorp, a modified version of the Conti ransomware, noted Kaspersky, along with its release of a decryption tool. Analyzing the keys, researchers revealed that they discovered this variant in December 2022. The attacks using this strain targeted mostly Russian organizations, with some victims from the government sector in Europe and Asia as well.
BianLian changes extortion technique
Changing its ransom tactics, the BianLian ransomware group appears to have decided not to encrypt its victims' files, rather only extract data and demand a ransom against that. The ransomware operation surfaced in the wild in July 2022. The ransomware operators, in some of the cases, also referenced the subsections of several laws and statutes that a victim firm can face if its breach news goes public.
Clipper malware via fake SM sites
Fraudsters are targeting users with fake websites of messaging platforms such as Telegram and WhatApp. The trojanized versions of websites concern Android and Windows users who could be infected with cryptocurrency clipper malware. Some of the clipper apps abuse optical character recognition to harvest data while some were found bundled with remote access trojans (RATs).
Several flaws in a Samsung chipset
Researchers with Google’s Project Zero uncovered 18 vulnerabilities in Samsung’s Exynos chipsets. Among these, the four most severe flaws allow an attacker to conduct Internet-to-baseband remote code execution, leading to compromised phones without any user interaction. To pull off this attack, an attacker just needs to have the phone number of a potential victim.
Firefox 111 patch release
Mozilla issued fixes for 13 flaws with the Firefox 111 release, with several of those rate ‘high’ severity. Three of them are potentially serious issues that impact Firefox for Android; a hacker can hide fullscreen notifications and leverage them for causing user confusion or spoofing attacks. Other severe flaws lead to arbitrary code execution and information exposure.
Critical BitLocker bug patched
Microsoft shared a script that fixes a security bypass bug in the Windows Recovery Environment (WinRE) for the BitLocker device encryption feature. An unauthenticated user abusing this bug, tracked as CVE-2022-41099, can attain physical access to encrypted data in low-complexity attacks. The recommended script version is PatchWinREScript_2004plus.ps1 that helps security teams apply the updates on systems running Windows 10 2004 and later.
Scammers impersonate bank officials
Bad actors have been spotted targeting bank customers in a convincing Twitter scam wherein they exploit Twitter’s quote-tweet feature. As soon as an individual posts a complaint regarding a bank, criminals quote-tweet that complaint adding a fake helpline number. Several Indian banks including HDFC, Axis, and ICICI were targeted.