Cyware Daily Threat Intelligence
Daily Threat Briefing • May 11, 2022
Another day, another new series of malware attacks. Researchers unearthed a new trojan, named Nerbian, that leverages COVID-19 themes to target organizations worldwide. The lesser-known Bitter APT group has also been found using a new malware called ZxxZ to target government organizations in Bangladesh. Besides these, a new exploit kit is being used in the wild to launch attacks against vulnerable Microsoft Exchange servers.
Moving on to the good part, a significant number of patches were issued as part of this month’s security updates. As usual, Microsoft takes the first position by addressing 73 security flaws. In the same vein, Adobe has released advisories for at least 18 flaws, 10 of which affect Adobe FrameMaker.
Dis-Chem compromised
A data breach at a third-party service provider exposed the data of over 3.6 million South African customers of the Dis-Chem retail giant. The compromised data includes users' full names, email addresses, and phone numbers. The retailer became aware of the incident on or about April 28.
Oregon’s Elections impacted by an attack
A web hosting provider, Opus Interactive, suffered a ransomware attack that compromised some voters' data in Oregon. An estimated 1,100 users' data is affected by the attack. As a precautionary measure, the State's office has urged the affected users to reset their passwords.
Around 10GB of data leaked
A misconfigured database exposed around 10GB of data comprising 21 million unique records, which were leaked in a Telegram group. The unprotected database contained the personal data of VPN users from SuperVPN, GeckoVPN, and ChatVPN.
FluBot malware spotted
Finland's National Cyber Security Center (NCSC-FI) has issued a warning about a new FluBot malware campaign that relies on SMS and MMS for distribution. The messages contain fake links purporting to lead to a voicemail, a missed call notification, or an alert about a transaction. Once executed, the malware accesses SMS data and phone calls and monitors notifications to steal temporary authentication codes such as OTPs.
New IceApple exploit kit
Security researchers have uncovered a new exploit kit that is being widely deployed on vulnerable Microsoft Exchange servers. Named IceApple, the framework first appeared in late 2021 and is still under active development. According to the researchers, threat actors are currently using the kit to obtain initial access to the networks of organizations in the technology, academic, and government sectors.
New Nerbian RAT discovered
The newly discovered Nerbian RAT is leveraging COVID-19-themed messages to target organizations worldwide. Written in Go, the trojan carries significant anti-analysis and anti-reversing capabilities that help it conduct its malicious activities undetected. The first attack attempt distributing the malware was observed on April 26.
Bitter APT adds a new malware
New research reveals that the Bitter APT group has added a new malware, ZxxZ, to its arsenal to target government organizations in Bangladesh. The campaign has been active since August 2021 and leverages spoofed email addresses to trick victims. The phishing emails appear to come from government organizations in Pakistan.
Microsoft patches 73 flaws
Microsoft has released patches for 73 security flaws as part of this month's Patch Tuesday. One of these patches addresses a zero-day Windows LSA Spoofing Vulnerability, tracked as CVE-2022-26925, which is currently being exploited in Man-in-the-Middle (MitM) attacks.
Adobe issues security patches
Adobe has issued security patches for at least 18 flaws affecting its products. Some of these flaws can be exploited to achieve remote code execution. Ten of the flaws are found in Adobe FrameMaker. The company has confirmed that it has no evidence of any of the flaws being exploited in the wild.
Update on Windows PrintNightmare flaw
Researchers have observed a noticeable rise in the number of attacks exploiting the previously disclosed PrintNightmare flaw in the Windows Print Spooler. In the last 12 months, cybercriminals conducted approximately 65,000 attacks through the Windows Print Spooler application, 31,000 of which were recorded in the first quarter of 2022.
Siemens, Schneider Electric patch 43 flaws
A total of 43 flaws have been addressed by Siemens and Schneider Electric. Siemens has released 12 advisories covering 35 vulnerabilities, while Schneider Electric has released three advisories informing customers about eight vulnerabilities. Most of these flaws could be exploited to take remote control of affected devices.