Cyware Daily Threat Intelligence
Daily Threat Briefing • Mar 22, 2022
Heads-up! Researchers demonstrated a new attack that uses a sneaky trick to spoof legitimate sites. Named Browser-in-the-Browser (BitB), the attack leverages third-party SSO options to phish away Google, Facebook, and Microsoft credentials.
Meanwhile, the surge in new malware threats remains a significant challenge for organizations. Watch out for a new Golang malware dubbed Arid Gopher that is being distributed via a malicious Word document that pretends to be a publication related to financial investments. A new BitRAT campaign is also underway, targeting users looking for a free version of Windows 10.
NRA confirms cyberattack
The U.S. National Rifle Association confirmed falling victim to a ransomware attack that occurred last October. The attack affected the networks, preventing individuals from accessing email or network files.
Microsoft, Okta investigate data theft claims
Microsoft has launched an investigation after the Lapsus$ hacking group claimed to have stolen 40 GB of source code for Bing, Bing Maps, and the Cortana virtual assistant. Lapsus$ stated that Bing Maps accounted for 90% of the total dump, while the data pilfered from Bing and Cortana made up 45% of the dump.
New Arid Gopher spotted
Arid Gopher is a newly spotted malware attributed to APT-C-23 (Arid Viper). The malware is a variant of the Micropsia malware, used previously by APT-C-23. The malware, which is still under development, is distributed via a fake Microsoft Word document that pretends to contain sections from an academic publication regarding financial investments.
New BitRAT malware campaign
A new BitRAT malware campaign is leveraging illegal crack tools for Windows 10 license verification. The campaign targets users looking to activate pirated Windows OS versions for free on webhards. The malicious file, named ‘W10DigitalActiviation.exe’, pretends to offer a free version of Windows 10. Instead, the file downloads the malware from a hardcoded C2 server operated by the threat actor.
Vulnerable camera systems
Many IP cameras and surveillance systems have been found to be vulnerable to remote code execution and information leakage due to CVE-2021-28372. The flaw exists in the ThroughTek Kalay P2P software development kit. Attackers can exploit the vulnerability to impersonate a device running ThroughTek Kalay SDK by using a 20-bit unique identifier.
Windows zero-day flaw patched again
A Windows local privilege escalation zero-day vulnerability that Microsoft failed to fully address for several months has received a new unofficial fix. The flaw allows attackers to gain administrative privileges on Windows 10, Windows 11, and Windows Server. The flaw, tracked as CVE-2022-21919, bypasses the fix Microsoft applied for CVE-2021-34484.
Steam users phished
Fake Esports voting sites are being used against Steam users through Steam-themed Discord channels. The scammers lure users with attractive offers, promising fictional rewards if the message recipient takes part. The messages are written in a different language to draw in more users.
BitB phishing attack
A new phishing technique called Browser-in-the-Browser (BitB) attack can be exploited to spoof a legitimate domain and steal Google, Facebook, and Microsoft credentials. The attack takes advantage of third-party SSO options embedded on websites that issue popup windows for authentication.