
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 20, 2024

More threat actors have tagged along to exploit critical vulnerabilities in TeamCity On-Premises servers to bypass authentication and take over administrative controls. They are exploiting the bugs for RCE and directory traversal, enabling the delivery of ransomware, miners, backdoors, and more. Today’s malware update also includes an Azorult campaign wherein cybercriminals use the HTML smuggling technique to distribute the malicious payload. The attackers aim to harvest critical user data, including credentials and crypto wallets.

Amid rising reports of scams, the FTC issued a warning about scammers posing as its employees to defraud Americans, with victims reporting increased losses. Meanwhile, a bug trio has been reported within a widely-used GitOps continuous delivery tool in Kubernetes environments.

Top Breaches Reported in the Last 24 Hours

Pokémon Company resets user passwords

A hacking attempt against Pokémon Company prompted proactive password resets for affected individuals. The company confirmed that no breach has occurred, and only a small fraction (0.1%) of accounts were compromised. It is assumed to have been a credential-stuffing attack. Notably, Pokémon Company does not currently offer two-factor authentication.

Pharmaceutical firm investigates cyberattack

California-based Crinetics Pharmaceuticals is allegedly under attack by the LockBit ransomware group. LockBit members have demanded a $4 million ransom from the firm and have given a deadline of March 23. According to a spokesperson from the firm, experts detected “suspicious activity in an employee’s account and disabled it on the same day.”

Mintlify exposed GitHub tokens

Documentation startup Mintlify suffered a data breach, exposing the GitHub tokens of 91 customers due to a vulnerability in its systems. These tokens allowed access to users' source code repositories. Mintlify is reportedly working with GitHub to assess any unauthorized access to private repositories.

Top Malware Reported in the Last 24 Hours

TeamCity bugs exploited to deploy malware and backdoors

Two critical vulnerabilities in JetBrains TeamCity have been under active exploitation by multiple threat groups deploying different malware and backdoors. These include Jasmin ransomware, the XMRig cryptocurrency miner, Cobalt Strike beacons, and SparkRAT backdoors. PoC exploits for these bugs are publicly available, increasing the likelihood of widespread exploitation.

Azorult campaign hits healthcare

A new evasive Azorult campaign has been spotted targeting the healthcare sector, wherein attackers leverage HTML smuggling via Google Sites to deliver a malicious JSON payload from an external source. The attack is disguised within fake Google Docs pages, bypasses scanners with a CAPTCHA, and uses PowerShell scripts for payload delivery. The payload can steal sensitive data including login credentials, crypto wallet information, and browser data.

Top Vulnerabilities Reported in the Last 24 Hours

Critical flaws found in Argo GitOps tool

Security researchers from KTrust uncovered three critical vulnerabilities in Argo, a popular GitOps continuous delivery tool for Kubernetes. These flaws could enable attackers to bypass rate limits and brute force protection, trigger denial of service attacks, and compromise user account safety. Argo was notified and is expected to address the issues in an upcoming release.

Browser security updates address sensitive bugs

Google and Mozilla released security updates for their web browsers, Chrome and Firefox, addressing multiple vulnerabilities. Chrome 123 patched 12 bugs, including a high-severity issue in the V8 JavaScript engine. Firefox 124 addressed 12 security defects, including critical memory safety bugs. Thunderbird 115.9 and Firefox ESR 115.9 also received patches for 10 vulnerabilities. While no exploits have been reported, users are urged to update to the latest versions to mitigate potential risks.

Top Scams Reported in the Last 24 Hours

Scammers impersonate FTC personnel

The FTC cautioned against scammers impersonating its employees to extort money from Americans, with median losses soaring from $3,000 to $7,000 in five years. Reports highlight a surge in government impersonation complaints in which scammers coerce potential victims into transferring or wiring money via phone calls, email, or text messages. The agency released guidelines to combat this and emphasized that it will never demand money or issue threats.
