Cyware Daily Threat Intelligence


Daily Threat Briefing May 3, 2023

TikTok's popularity makes it a lucrative target for cybercriminals: with billions of monthly active users, it holds an ocean of data. A critical vulnerability in the application has been patched that could have allowed an attacker to send harmful messages to the TikTok web application through the postMessage API, effectively circumventing the platform's security measures. Entities in the hospitality industry, including thousands of hotels that use Oracle's Opera property management system, are also advised to promptly apply the patch for a bug in the software that Oracle released in its April 2023 security update.

After more than six months of no activity, a Chinese state-sponsored threat group is back with a new malware, dubbed SPHijacker, in a new series of attacks. The tool disables security products.

Top Breaches Reported in the Last 24 Hours

Funds drained from a DEX

An attacker exploited a smart contract vulnerability in the Level Finance decentralized exchange to steal more than 214,000 LVL tokens, which were then swapped for 3,345 BNB (~$1,100,000). An analysis of the incident revealed that the smart contract "LevelReferralControllerV2" had a bug that allowed referral rewards to be claimed multiple times for the same epoch. The exchange confirmed that the attack did not impact its liquidity pools or related DAOs.

Top Malware Reported in the Last 24 Hours

New tool to neutralize security products

Chinese threat actor Earth Longzhi, a subgroup of APT41, was seen targeting organizations across sectors in Taiwan, Thailand, the Philippines, and Fiji. The actor reportedly abused vulnerable public-facing applications to gain initial access to the targeted systems and deploy the BEHINDER web shell. The web shell drops additional payloads, including CroxLoader, a loader for a Cobalt Strike variant. To disable security products, the actor used a new tool called SPHijacker.

Top Vulnerabilities Reported in the Last 24 Hours

Bug threatens hospitality

A research group cautioned that a recently addressed bug in Oracle Opera could be exploited by remote attackers to gain access to sensitive information. The bug, tracked as CVE-2023-21932, affects version 5.6 of the Oracle Hospitality OPERA 5 Property Services product, a property management system used extensively by prominent hotel and resort chains.

BGP flaws in internet routing protocol

The Forescout security team disclosed a trio of vulnerabilities in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to trigger DoS conditions on vulnerable BGP peers. The bugs exist in FRRouting version 8.4, a commonly used open-source routing protocol suite for Linux and Unix platforms. Because FRRouting is used by renowned vendors such as NVIDIA Cumulus, DENT, and SONiC, experts stated that devices built on those products are at risk of potential supply chain attacks.

TikTok fixes sensitive bug

A vulnerability in the TikTok application could have allowed attackers to monitor users' activity on mobile and desktop devices, the Imperva Red Team disclosed. The flaw was caused by a window message event handler that did not properly verify the origin of incoming messages, allowing pages from untrusted origins to access sensitive user data. The vulnerability has since been fixed.
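The bug class described above, as an added illustration that is not TikTok's or Imperva's code: a window message handler that trusts every sender, beside one that validates `event.origin` against an allowlist before touching any data. The allowlist entry and the event objects are constructed so the snippet runs under Node without a browser; in a page the same functions would be registered with `window.addEventListener("message", ...)`.

```javascript
// Assumed allowlist of origins permitted to talk to this window (constructed value).
// Entries are full origins (scheme + host + port); never a bare hostname, and never "null".
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Constructed sensitive state that a handler may expose to a caller.
function makeStore() {
  return { sessionUser: "alice", log: [] };
}

// Vulnerable pattern: no origin check at all. Any document holding a reference to
// this window (an opener, a parent frame, a popup) can drive the handler and read data.
function vulnerableHandler(store, event) {
  const msg = event.data;
  if (msg && msg.type === "getUser") {
    store.log.push({ to: event.origin, user: store.sessionUser });
    return store.sessionUser;
  }
  return null;
}

// Hardened pattern: exact-match the origin against the allowlist before doing anything.
// Exact comparison matters: substring or prefix tests such as origin.includes("app.example.com")
// would also accept "https://app.example.com.attacker.example".
function hardenedHandler(store, event) {
  if (typeof event.origin !== "string" || !ALLOWED_ORIGINS.has(event.origin)) {
    return null; // drop messages from unexpected senders without side effects
  }
  const msg = event.data;
  if (msg && typeof msg === "object" && msg.type === "getUser") {
    store.log.push({ to: event.origin, user: store.sessionUser });
    return store.sessionUser;
  }
  return null;
}

// Constructed sample events: one from the trusted origin, one from an untrusted page.
const trustedEvent = { origin: "https://app.example.com", data: { type: "getUser" } };
const untrustedEvent = { origin: "https://untrusted.example", data: { type: "getUser" } };
```

When replying to a validated sender, pass the same checked origin as the `targetOrigin` argument of `postMessage` rather than `"*"`, so the response cannot be read by a window that navigated elsewhere in the meantime.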

Chrome 113 patches 15 flaws

Google rolled out Chrome 113 to the stable channel with 15 security fixes, all of them for medium- and low-severity bugs. A total of 10 vulnerabilities were reported by external researchers; the highest reward was paid for a medium-severity inappropriate implementation flaw in Prompts. Four other bugs of a similar nature were identified in Chrome components including Prompts, Screen Mode, PictureInPicture, and CORS.
