Cyware Daily Threat Intelligence

Daily Threat Briefing • May 18, 2023
A new ransomware group has appeared in the cyber landscape. Named MalasLocker, the group is breaching Zimbra servers, although the intrusion method remains unknown. It sets itself apart from typical ransomware groups in that its operators ask for a donation to a charity they approve of. A security researcher uncovered a vulnerability in the open-source password manager KeePass and showed that it can be exploited to extract the master password from the software's memory. The bug affects the Windows version, and potentially the Linux and macOS versions, experts noted.
In another vein, Cisco's Small Business Series Switches have been singled out by security experts because of multiple flaws in them. Of the nine flaws reported, four were classified as critical with a CVSS score of 9.8 out of 10, posing a risk of remote code execution (RCE) or a denial-of-service (DoS) condition.
Ransomware disrupts operations at tech firm
Technology provider ScanSource disclosed that it was targeted by a ransomware attack that compromised some of its systems, disrupting business operations and customer portals. Service delays are anticipated, primarily for operations in North America and Brazil. The ransomware group behind the attack is still unknown.
New ransomware strain abuses Zimbra flaws
MalasLocker has emerged as a new ransomware operation that has been targeting Zimbra servers since the end of March. The group gains access to servers by exploiting vulnerabilities in Zimbra software. Instead of demanding a ransom payment, MalasLocker demands a donation to a charity in exchange for a decryptor and a promise not to leak stolen data. The group's data leak site currently lists three companies, along with Zimbra configuration details for 169 other targeted victims.
Guerrilla malware by Lemon Group
Trend Micro, which has been tracking various operations related to the Triada Android trojan, has uncovered yet another malware family that comes preinstalled on devices, tracked as Guerrilla. While researchers suspect a connection between the groups behind the two malware families, Guerrilla is reportedly the work of Lemon Group. The malware is estimated to have impacted millions of devices worldwide.
KeePass bug exposes master password
A critical security flaw has been identified in the password manager KeePass that enables an attacker to retrieve the plaintext master password from a user's workspace even when the workspace is locked. The flaw, tracked as CVE-2023-32784, was disclosed publicly, and a PoC exploit was also shared. The issue specifically affects SecureTextBoxEx, the custom text box within KeePass used for entering passwords.
Smart switches, but with flaws
Cisco addressed nine vulnerabilities in its Small Business Series Switches that could potentially be abused by an unauthenticated attacker. Successful exploitation could lead to remote execution of arbitrary code with root privileges on an affected device or trigger a DoS condition. The vulnerabilities stem from inadequate validation of requests received by the web interface of the affected switches. Some switch series have reached end of life (EoL), meaning they will not receive firmware updates.