
Cyware Daily Threat Intelligence


Daily Threat Briefing May 17, 2023

Ransomware attacks are increasing at an alarming rate. Law enforcement agencies have released a joint advisory highlighting the threat that BianLian ransomware attacks pose to critical infrastructure organizations. Members of the group have been targeting entities in the U.S. and Australian critical infrastructure sectors since June 2022. Security experts expect organizations to limit the use of RDP and other remote desktop services. Meanwhile, a Chinese state-sponsored threat actor has been discovered targeting residential TP-Link routers with a tailor-made malware implant dubbed Horse Shell. The implant can allow unauthorized users to take complete control of the compromised devices.

In another update, Belkin's Wemo Mini Smart Plug is nearing end of life (EoL), so the firm will not patch a buffer overflow vulnerability in it. Users are advised not to expose their devices to the internet, or to put appropriate network segmentation measures in place, to avoid mishaps.

Top Breaches Reported in the Last 24 Hours

Study-abroad platform exposes critical data

A security misconfiguration in an Amazon S3 bucket belonging to the university admission platform Leverage EDU has exposed sensitive data in nearly 240,000 files. The one-stop admission platform for students counts more than 650 educational institutions worldwide as clients and has nearly 80 million users. The exposed data includes contact numbers, emails, home addresses, students' degree certificates, report cards, CVs, exam results, and completed applications.

Lacroix halts production at three sites

Technological equipment manufacturer Lacroix Group shut down three production sites after a suspected ransomware attack hit its infrastructure. While the company did not explicitly state that it was a ransomware attack, it has acknowledged that certain local infrastructure has been encrypted. Additionally, an investigation is ongoing to identify any data that may have been stolen by the criminals.

Top Malware Reported in the Last 24 Hours

Horse Shell infects TP-Link routers

European foreign affairs organizations are being targeted by Camaro Dragon, a Chinese state-sponsored hacking group, using a custom malware variant. The group has been found infecting residential TP-Link routers with a specialized implant called Horse Shell. Attackers can execute arbitrary commands, steal files, and even use the implant as a SOCKS proxy to relay communication between infected devices.

Warning against BianLian activities

CISA, the FBI, and the ACSC issued an advisory to alert critical infrastructure organizations to the latest TTPs used in the BianLian ransomware group's attacks. BianLian breaches systems by exploiting valid RDP credentials obtained through various means. After gaining access to a victim's network, the adversary employs a custom backdoor written in Go, commercial RATs, and command-line tools and scripts to carry out network reconnaissance.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches critical bug

Google rolled out a Chrome 113 security update that addresses a total of 12 security flaws. The update fixes a critical use-after-free flaw in Navigation, tracked as CVE-2023-2721, that a remote attacker could abuse to trigger heap corruption when a user accesses a malicious page. Three additional use-after-free flaws, rated 'high' severity, were also patched in this release; they affect Chrome's Autofill UI, DevTools, and Guest View components.

Product’s EoL arrives, expect no patch

Security researchers at Sternum found an exploitable bug in the Wemo Smart Plug Mini V2. The buffer overflow issue was detected in the second-generation version of Belkin's Wemo Mini Smart Plug and poses the risk of arbitrary command injection on vulnerable devices. An attacker can use a community-developed Python application called PyWeMo to bypass the official Wemo app and gain remote control over the plug. The product is approaching its EoL, so no fix will be released.
