Cyware Daily Threat Intelligence
Daily Threat Briefing • May 30, 2023
QBot has once again switched infection methods. In a new phishing campaign the operators are reportedly abusing a DLL hijacking weakness in the Windows WordPad executable (write.exe) to compromise devices, an intrusion that can end in the theft of corporate data or a ransomware attack that cripples the victim firm. The run of malicious activity continues with a new Android threat dubbed DogeRAT. Although it appears to have global ambitions, its attacks were detected mainly in India, with potential victims spread across several industries, especially banking and entertainment.
CISA has asked government agencies and private organizations to check their networks and systems for signs of compromise through the Barracuda Email Security Gateway (ESG) zero-day flaw.
Crypto-firm loses millions of dollars
Jimbos Protocol, a decentralized liquidity platform running on the Arbitrum network, was hit by a flash loan attack that drained roughly $7.5 million worth of crypto assets (about 4,090 ETH). The attacker took out a flash loan worth $5.9 million and used it to manipulate the market and distort the protocol's price range. After trading against the manipulated token prices, the attacker walked away with the 4,090 ETH.
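The mechanism behind a flash loan price manipulation, as an added illustration that is not Jimbos Protocol's code: a constant-product pool whose spot price is read straight from its reserves can be pushed far from the real price for the duration of one transaction, and any contract that acts on that reading inside the same transaction is the victim. The pool, reserves, loan size and the `price_is_sane` guard are all constructed here; the briefing does not describe how Jimbos priced its range, so the protocol is modelled only as something that trusts the pool's spot price.

```python
"""Spot-price manipulation with flash-loan-sized liquidity on a constant-product pool.

Added illustration, not Jimbos Protocol's code: the pool, the reserves and the
loan size are constructed, and the victim protocol is modelled only as
'something that trusts the pool's spot price'.
"""
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product AMM: reserve_a * reserve_b is preserved across swaps (fees aside)."""
    reserve_a: float    # protocol token A
    reserve_b: float    # quote asset B (think ETH)
    fee: float = 0.003  # 0.3% taken from every input amount

    def spot_price(self) -> float:
        """Instantaneous price of one A in units of B, read straight from reserves."""
        return self.reserve_b / self.reserve_a

    def swap_b_for_a(self, amount_b: float) -> float:
        """Sell amount_b of B into the pool and return the A received."""
        b_in = amount_b * (1 - self.fee)
        new_a = self.reserve_a * self.reserve_b / (self.reserve_b + b_in)
        out_a = self.reserve_a - new_a
        self.reserve_a, self.reserve_b = new_a, self.reserve_b + amount_b
        return out_a

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell amount_a of A into the pool and return the B received."""
        a_in = amount_a * (1 - self.fee)
        new_b = self.reserve_a * self.reserve_b / (self.reserve_a + a_in)
        out_b = self.reserve_b - new_b
        self.reserve_a, self.reserve_b = self.reserve_a + amount_a, new_b
        return out_b


def price_is_sane(spot: float, reference: float, max_deviation: float = 0.10) -> bool:
    """Guard a protocol should apply before acting on a spot price: reject reads that
    stray more than max_deviation from a reference the attacker cannot move inside
    one transaction (a TWAP over past blocks, or an external oracle)."""
    return abs(spot - reference) / reference <= max_deviation


def simulate_flash_loan_manipulation(loan_b: float = 5000.0):
    """Borrow loan_b of B, dump it into the pool, read the spot price, then unwind.

    Returns (reference price, manipulated spot price, B recovered on unwind).
    """
    pool = Pool(reserve_a=1000.0, reserve_b=1000.0)  # constructed: 1 A = 1 B before the attack
    reference = pool.spot_price()                     # what a TWAP or oracle would still report
    bought_a = pool.swap_b_for_a(loan_b)              # flash loan proceeds hit the pool
    manipulated = pool.spot_price()                   # a contract reading this now sees ~36x
    recovered_b = pool.swap_a_for_b(bought_a)         # unwind so the loan can be repaid
    return reference, manipulated, recovered_b


if __name__ == "__main__":
    ref, spot, back = simulate_flash_loan_manipulation()
    print(f"reference {ref:.2f}, spot during attack {spot:.2f}, "
          f"unwind returns {back:.2f} of 5000 B borrowed")
    print("spot price accepted by guard:", price_is_sane(spot, ref))
```

Run on its own, the round trip loses money: the attacker gets back about 4,995 of the 5,000 B borrowed, the difference being pool fees. The profit in a real incident comes entirely from a contract that values tokens or sets a range against the manipulated spot price within the same transaction, which is why the guard compares the spot read against a reference the attacker cannot shift in a single block rather than against the pool itself.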
RaidForum secrets leaked
The administrator of a dark web forum called 'Exposed' leaked a database of RaidForums members. The leak is a single SQL file containing the registration details of 478,870 forum members along with other data from the forum software. Law enforcement had seized the RaidForums website in April 2022.
QBot abuses Wordpad bug
QBot operators are exploiting a DLL hijacking weakness in write.exe, the Windows 10 WordPad executable, to evade detection: the malicious DLL is loaded and run by a legitimate, signed Windows binary. An infection can expose the user's email addresses, which can be reused in later phishing attacks, and the compromised device can be used to download further payloads such as Cobalt Strike, giving the operators a foothold from which they can move laterally across the network.
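Detection logic for this pattern, as an added example that is not Cyware's, Microsoft's or the campaign's code: a copy of write.exe placed in a user-writable directory next to a DLL it loads by name is a DLL search-order hijack, and it shows up in endpoint telemetry as a watched host binary loading a module from outside the Windows system directories. The input is a constructed Sysmon-style log (Event ID 1 process creation, Event ID 7 image load) flattened to `key="value"` pairs; the paths, GUIDs and the DLL name `example.dll` are placeholders, not indicators from the campaign, and `wordpad.exe` is added to the watch list as an assumption.

```python
"""Flag DLL search-order hijacking (sideloading) against a watched Windows binary.

Added example, not Cyware's, Microsoft's or QBot's code. Input is a constructed
Sysmon-style log: Event ID 1 (process create) and Event ID 7 (image loaded),
flattened to key="value" pairs. Paths, GUIDs and 'example.dll' are placeholders.
"""
import ntpath
import re

# Directories a Windows system binary is expected to load its DLLs from.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Assumption: the briefing names write.exe; wordpad.exe is added as a likely sibling.
WATCHED_HOSTS = {"write.exe", "wordpad.exe"}

# Constructed sample: a legitimate write.exe, a renamed copy sideloading a DLL
# from its own folder, and a third-party app that legitimately ships its own DLL.
SAMPLE_LOG = r'''
EventID="1" ProcessGuid="{A}" Image="C:\Windows\System32\write.exe" OriginalFileName="write.exe"
EventID="7" ProcessGuid="{A}" Image="C:\Windows\System32\write.exe" ImageLoaded="C:\Windows\System32\KERNEL32.DLL" Signed="true"
EventID="1" ProcessGuid="{B}" Image="C:\Users\victim\Downloads\document.exe" OriginalFileName="write.exe"
EventID="7" ProcessGuid="{B}" Image="C:\Users\victim\Downloads\document.exe" ImageLoaded="C:\Users\victim\Downloads\example.dll" Signed="false"
EventID="7" ProcessGuid="{B}" Image="C:\Users\victim\Downloads\document.exe" ImageLoaded="C:\Windows\System32\ntdll.dll" Signed="true"
EventID="1" ProcessGuid="{C}" Image="C:\Program Files\Vendor\app.exe" OriginalFileName="app.exe"
EventID="7" ProcessGuid="{C}" Image="C:\Program Files\Vendor\app.exe" ImageLoaded="C:\Program Files\Vendor\helper.dll" Signed="false"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_events(text):
    """Turn each non-empty log line into a dict of its key="value" fields."""
    return [dict(FIELD_RE.findall(line)) for line in text.splitlines() if line.strip()]


def _norm(path):
    return ntpath.normpath(path).lower()


def under_system_dir(path):
    """True when the path sits below one of the Windows system directories."""
    p = _norm(path)
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def find_sideloads(text):
    """Return one alert per image load that looks like a hijack of a watched host binary."""
    events = parse_events(text)
    # Event 1 carries the PE header's OriginalFileName, which survives renaming
    # write.exe to document.exe on disk; key it by ProcessGuid for Event 7 lookups.
    original_name = {e["ProcessGuid"]: e["OriginalFileName"].lower()
                     for e in events if e.get("EventID") == "1"}
    alerts = []
    for e in events:
        if e.get("EventID") != "7":
            continue
        host = original_name.get(e["ProcessGuid"], ntpath.basename(e["Image"]).lower())
        if host not in WATCHED_HOSTS:
            continue  # third-party apps loading their own DLLs are out of scope here
        loaded = e["ImageLoaded"]
        if under_system_dir(loaded):
            continue  # normal: system binary loading from the system directories
        same_dir = ntpath.dirname(_norm(loaded)) == ntpath.dirname(_norm(e["Image"]))
        unsigned = e.get("Signed", "false").lower() != "true"
        if same_dir or unsigned:
            alerts.append({
                "host": host,
                "process": e["Image"],
                "dll": loaded,
                "reason": "dll beside a copied system binary" if same_dir else "unsigned dll",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_sideloads(SAMPLE_LOG):
        print(alert)
```

The third-party app in the sample is deliberately not flagged: many legitimate programs load unsigned DLLs from their install directory, so the rule keys on the host's original file name rather than on unsigned loads in general. The same two conditions (watched OriginalFileName, module loaded from outside the system directories) translate directly into a Sigma rule or an EDR query.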
DogeRAT targets Indian users
A new Android malware threat was discovered targeting users primarily located in India. Named DogeRAT, the malware is distributed through social media and messaging platforms disguised as Opera Mini, OpenAI ChatGPT, and premium versions of Netflix and YouTube. It can gain unauthorized access to a user’s sensitive data, including contacts, messages, and banking credentials.
CISA warns against Barracuda flaw
In a warning issued by CISA, officials directed Federal Civilian Executive Branch (FCEB) agencies and other organizations to investigate Barracuda ESG appliances for compromise. The warning concerns a zero-day vulnerability tracked as CVE-2023-2868, which attackers were seen exploiting last week to gain access to ESG appliances. Barracuda had patched vulnerable devices by May 21, but a patch does not undo an earlier intrusion, which is why the advice is to investigate rather than only to update.
Critical PrinterLogic vulnerabilities
A total of 18 security holes were found in PrinterLogic's enterprise print management solution. They could expose its customers to a range of attacks, including authentication bypass, cross-site scripting (XSS), SQL injection, and more. The flaws were reported to PrinterLogic, which stated that at least one of them will not be patched.
Security risks in wireless speakers
Several security flaws were uncovered in Sonos One wireless speakers that could be exploited for information disclosure and remote code execution (RCE). The reported flaws are CVE-2023-27352, CVE-2023-27353, CVE-2023-27354, and CVE-2023-27355. They pose a significant risk because they let attackers read sensitive information from, and execute malicious code on, affected devices.