Cyware Daily Threat Intelligence

Daily Threat Briefing May 9, 2024

Attackers often seek administrative control for maximum damage. F5 recently fixed a security flaw in BIG-IP Next Central Manager that could have enabled criminals to gain full administrative control and create hidden rogue accounts. Speaking of security mishaps, Google patched 26 Android security issues in two rounds this week, fixing several critical vulnerabilities in Android 14. Researchers also fixed Bluetooth and GPU driver bugs in Pixel.

The FBI has unearthed another months-long campaign targeting retail gift card departments. Along similar lines, BogusBazaar scammed 850,000 victims in Western Europe, Australia, and the U.S. through fake shopping websites, stealing nearly $50 million from them.

Top Malware Reported in the Last 24 Hours

Unveiling new strain of zEus stealer

A variant of the zEus stealer malware was discovered embedded within a crafted Minecraft source pack, distributed through YouTube. Mimicking a Windows screensaver file, the malware extracts itself via a WinRAR self-extract archive, initiating the theft of sensitive data upon execution. zEus employs anti-analysis techniques, such as checking system parameters, to evade detection. It extensively harvests information, including IP details, hardware specifications, browser data, and login credentials, saving them in predefined folders.

Top Vulnerabilities Reported in the Last 24 Hours

Critical flaws in F5 expose networks to attacks

Researchers uncovered critical vulnerabilities in F5 BIG-IP Next Central Manager, potentially allowing attackers to gain full administrative control and create hidden rogue accounts. These flaws, identified as CVE-2024-21793 and CVE-2024-26026, enable unauthenticated OData and SQL injection attacks, risking sensitive data leakage and unauthorized account creation. F5 advises immediate upgrades and implementing access restrictions to mitigate risks.

Google rolls out Android and Pixel updates

Google released security updates for Android, addressing 26 vulnerabilities, including a critical flaw (CVE-2024-23706) in the System component of Android 14 that allowed privilege escalation. The first update covered eight flaws, including four elevation of privilege bugs in the Framework component. The other update fixed 18 vulnerabilities in kernel, Arm, MediaTek, and Qualcomm components. Pixel devices also received updates for seven vulnerabilities in Bluetooth, Mali GPU driver, and Qualcomm components.

Top Scams Reported in the Last 24 Hours

FBI warns of retail gift card scams

The FBI alerted U.S. retail companies to malicious activities by Storm-0539, a hacking group targeting gift card department employees since January 2024. Storm-0539 employs sophisticated phishing kits to bypass MFA, infiltrate accounts, and steal credentials and SSH passwords. They then generate fraudulent gift cards using compromised accounts. The FBI advises corporations to update incident response plans, train employees to recognize phishing, and enforce MFA.

BogusBazaar swindled millions of victims

The BogusBazaar crime ring defrauded 850,000 individuals worldwide, amassing approximately $50 million over three years through fake online stores spanning 22,500 domains. Operating mainly in Western Europe, Australia, and the U.S., the scam involved selling nonexistent or counterfeit goods and harvesting credit card details. The network evaded law enforcement by decentralizing its operations and swiftly deploying new fake websites using US-hosted servers running WordPress with WooCommerce.