Cyware Daily Threat Intelligence

Daily Threat Briefing • November 1, 2023
A new threat that lets unskilled bad actors breach organizations and launch attacks using remote access trojans (RATs) has been observed lately. Dubbed malware ‘meal kits,’ these toolkits are gaining traction on underground forums for their ability to bypass advanced detection solutions and launch RAT attacks. In another new threat, the Russia-based Turla APT has deployed a new version of the Kazuar backdoor that supports over 40 commands to perform a wide range of malicious activity.
Moving on, researchers have observed mass exploitation of a recently patched critical vulnerability in F5’s BIG-IP within five days of the disclosure of its PoC. Organizations are urged to exercise caution and update to the latest versions to stay safe.
British Library faces IT outage
The British Library is facing a major IT outage, impacting some of its online services and public Wi-Fi, following a cyberattack that took place on October 28. While technical details about the attack have not been disclosed yet, the institution is working with cybersecurity experts and the National Cyber Security Centre (NCSC) to investigate the incident. Meanwhile, some of the unaffected online services remain available to the public.
Ace Hardware suffers cyberattack
A cyberattack crippled business operations at Ace Hardware. As a result, many of its key operating systems, including ACENET, its warehouse management systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards, and the Care Center’s phone system, have been suspended.
WiHD leaks torrent user details
An unprotected Elasticsearch instance belonging to World-in-HD (WiHD), a popular torrent tracker specializing in HD movies, has exposed 97,327 accounts. The exposed data includes users’ email addresses, hashed passwords, and service information for all the users. Threat actors could use this data to perform illicit activities.
COVID-19 test details on sale
COVID-19 test details of nearly 815 million people have been put up for sale on the dark web. The data sample, which amounted to over 90 GB, was held by the Indian Council of Medical Research (ICMR). It includes names, phone numbers, and addresses of individuals.
Rise in malware ‘meal kits’
There has been a rise in the availability of malware ‘meal kits’ sold for less than $100, fueling a surge in campaigns using remote access trojans (RATs). The kits give low-skill attackers the ability to sidestep detection and infect unsuspecting users’ systems with RATs. According to researchers, the toolkit was observed in two separate campaigns that deployed the Vjw0rm and Parallax trojans.
Malicious NuGet packages discovered
A supply chain attack campaign, active since August, is being used to deploy malware on developers’ machines. The malware is distributed via malicious packages published on the NuGet repository. Threat actors have also been observed updating their tactics, such as abusing NuGet’s MSBuild integration feature, to stay under the radar and trick developers into downloading malware onto their systems.
New version of the Kazuar backdoor spotted
Researchers have spotted a new version of the Kazuar backdoor used by the Russian APT group Turla. Written in .NET, the malware is used as a second-stage payload to evade detection. It also supports over 40 distinct commands, half of which were previously undocumented. Some of these commands can enable attackers to pilfer credentials, manipulate files, and execute arbitrary commands.
New KANDYKORN malware discovered
North Korean state-sponsored threat actors have been found using a new macOS malware, dubbed KANDYKORN, to target blockchain engineers of an unnamed crypto exchange platform. The malware, attributed to the Lazarus APT group, comes with a variety of capabilities to monitor victims’ systems, avoid detection, run additional malware, exfiltrate data, and terminate processes.
F5’s BIG-IP flaw exploited
Threat actors began exploiting a recently patched critical vulnerability in F5’s BIG-IP product less than five days after the PoC was published. The flaw is tracked as CVE-2023-46747 and has a CVSS score of 9.8. While the flaw has been addressed, a new PoC exploit from the Project Discovery team shows that it can be chained with another new flaw (CVE-2023-46748) to launch attacks. The new flaw is an SQL injection vulnerability in the BIG-IP configuration utility.