
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 4, 2022

A new Group-IB report has shed light on the OPERA1ER threat group, which skimmed at least $11 million in approximately 30 attacks in Africa, targeting banks, financial services, and telecommunications companies. With three ICS advisories, the CISA is urging users to address multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. These bugs expose user systems to threats ranging from sensitive information disclosure and unauthorized file access to arbitrary code execution and the planting of malicious code by attackers.

More bugs were reported in the past 24 hours, with Cisco and Splunk Enterprise releasing updates for their affected products. A majority of them are critical security issues that organizations must patch on priority.

Top Breaches Reported in the Last 24 Hours

French-speaking group loots $11 million

According to Group-IB, French-speaking hacking group OPERA1ER conducted at least 30 cyberattacks against financial and telecom firms and services in Africa. In those attacks, hackers swindled no less than $11 million. The operators had developed a vast network to withdraw stolen cash.

Criminals target Boeing subsidiary

The website of Jeppesen, an American firm offering navigational information and other operational tools, posted a breach notification after the company was hit by a cyberattack. The wholly-owned Boeing subsidiary experienced some flight planning disruptions. However, the scope of the impact is yet to be determined.

LockBit claims German automotive firm

German multinational automotive parts manufacturer Continental’s name was added to the leak site of the LockBit ransomware group. The group has threatened to publish all the available data if negotiations don’t go well. It has given a deadline of November 4 to pay the ransom.

Top Malware Reported in the Last 24 Hours

RomCom RAT’s new campaign

The operators behind RomCom RAT were observed imitating the official websites of popular software brands to distribute malware in a new campaign. It reportedly targeted SolarWinds Network Performance Monitor (NPM), PDF Reader Pro, KeePass password manager, and Veeam Backup and Recovery software websites, stated Palo Alto Networks’ Unit 42.

Top Vulnerabilities Reported in the Last 24 Hours

CISA advisory for ICS bugs

The CISA released three ICS advisories regarding multiple vulnerabilities in software from ETIC Telecom, Delta Industrial Automation, and Nokia. The most critical was a set of three bugs in ETIC Telecom's Remote Access Server (RAS). Delta Industrial Automation's DIALink products were affected by a path traversal flaw. Meanwhile, three bugs were identified in Nokia's ASIK AirScale 5G Common System.

Cisco addresses multiple bugs

Multiple vulnerabilities in Cisco products, including several rated high-severity, received a fix. The most severe, tracked as CVE-2022-20961, is a cross-site request forgery (CSRF) flaw in Identity Services Engine (ISE). Another, assigned CVE-2022-20956, is an authorization bypass flaw that could allow attackers to download and delete files.

Splunk quarterly patch out

A new set of quarterly patches was issued for Splunk Enterprise that addressed nine high-severity security holes. Three of those, each with a CVSS score of 8.8, are a remote code execution (RCE) bug, a reflected cross-site scripting (XSS) bug, and an XML external entity (XXE) injection bug. All bugs have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2.
