Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 4, 2022
A new Group-IB report has shed light on OPERA1ER, a threat group that stole at least $11 million in approximately 30 attacks in Africa, targeting banks, financial services, and telecommunications companies. With three ICS advisories, CISA is urging users to address multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. The bugs expose affected systems to risks ranging from sensitive information disclosure and unauthorized file access to arbitrary code execution and the planting of malicious code.
More bugs were reported in the past 24 hours, with Cisco and Splunk releasing updates for their products. Most are rated high severity, and organizations should patch them on priority.
French-speaking group loots $11 million
According to Group-IB, the French-speaking hacking group OPERA1ER conducted at least 30 cyberattacks against financial and telecom firms in Africa, stealing no less than $11 million. The operators had built a vast network for withdrawing the stolen cash.
Criminals target Boeing subsidiary
The website of Jeppesen, a U.S. firm providing navigational information and other flight-operation tools, displayed a breach notification after the company was hit by a cyberattack. The wholly-owned Boeing subsidiary experienced some flight-planning disruption; the full scope of the impact is yet to be determined.
LockBit claims German automotive firm
German multinational automotive parts manufacturer Continental has been added to the leak site of the LockBit ransomware group. The group has threatened to publish all the data it holds if negotiations fail, and has set a deadline of November 4 for payment of the ransom.
RomCom RAT’s new campaign
The operators behind RomCom RAT were observed impersonating the official websites of popular software brands to distribute malware in a new campaign. According to Palo Alto Networks' Unit 42, the lookalike sites imitated those of SolarWinds Network Performance Monitor (NPM), PDF Reader Pro, the KeePass password manager, and Veeam Backup and Recovery.
CISA advisory for ICS bugs
CISA released three ICS advisories covering multiple vulnerabilities in software from ETIC Telecom, Delta Industrial Automation, and Nokia. The most critical is a set of three bugs in ETIC Telecom's Remote Access Server (RAS). Delta Industrial Automation's DIALink products are affected by a path traversal flaw, and three bugs were identified in Nokia's ASIK AirScale 5G Common System.
Cisco addresses multiple bugs
Cisco fixed multiple vulnerabilities in its products, including several rated high severity. The most severe, tracked as CVE-2022-20961, is a cross-site request forgery (CSRF) flaw in Identity Services Engine (ISE). Another, CVE-2022-20956, is an authorization bypass that could let an attacker download and delete files.
Splunk quarterly patch out
Splunk issued a new set of quarterly patches for Splunk Enterprise addressing nine high-severity security holes. Three of them, each with a CVSS score of 8.8, are a remote code execution (RCE) bug, a reflected cross-site scripting (XSS) bug, and an XML external entity (XXE) injection. All are resolved in Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2.
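Because the fix ships on three separate release branches, a fleet check has to compare each host against the fixed version of its own branch and compare numerically rather than as strings (as text, "8.1.9" sorts after "8.1.12"). The script below is an added example written for this briefing, not code from Cyware or Splunk; it assumes a version may carry a build suffix after a hyphen, and the inventory of hostnames and versions is constructed for illustration.

```python
"""Branch-aware check of Splunk Enterprise versions against the fixed
releases named in the briefing (8.1.12, 8.2.9, 9.0.2)."""

# Fixed versions from the briefing, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (8, 1): (8, 1, 12),
    (8, 2): (8, 2, 9),
    (9, 0): (9, 0, 2),
}


def parse_version(text):
    """Turn 'major.minor.patch' into a tuple of ints so that comparison is
    numeric: as strings, '8.1.9' sorts after '8.1.12', which is exactly the
    mistake that makes a naive patched-version check give the wrong answer.
    A trailing build tag such as '9.0.2-abc123' is stripped (an assumption
    about how a version might be reported; the briefing lists bare versions)."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text, fixed=FIXED_VERSIONS):
    """Return 'patched', 'vulnerable' or 'unknown-branch'.

    A version is compared only against the fix for its own branch: 8.1.12 is
    the fix for 8.1.x, so 8.2.8 is still vulnerable even though 8.2 > 8.1.
    Branches the briefing does not name (for example 8.0.x) are reported as
    'unknown-branch' rather than guessed, so they surface for manual review."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch not in fixed:
        return "unknown-branch"
    return "patched" if version >= fixed[branch] else "vulnerable"


def hosts_needing_action(inventory, fixed=FIXED_VERSIONS):
    """Given {hostname: version}, return (hostname, status) pairs for every
    host that is not confirmed patched, sorted by hostname. Versions that
    cannot be parsed are reported as 'unparseable' instead of being skipped."""
    findings = []
    for host, version in inventory.items():
        try:
            status = assess(version, fixed)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            findings.append((host, status))
    return sorted(findings)


# Constructed sample inventory: hostnames and versions invented for the example.
SAMPLE_INVENTORY = {
    "splunk-sh-01": "9.0.2",         # fixed 9.0.x release
    "splunk-idx-01": "9.0.1",        # one release short of the fix
    "splunk-idx-02": "8.1.9",        # numerically below 8.1.12
    "splunk-hf-01": "8.2.10-linux",  # later than 8.2.9, build tag stripped
    "splunk-legacy": "8.0.7",        # branch not covered by the briefing
    "splunk-broken": "9.x",          # unparseable version string
}

if __name__ == "__main__":
    for host, status in hosts_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts on branches the advisory does not name are deliberately surfaced as unknown rather than assumed safe; an unsupported 8.0.x install would otherwise slip through a check that only asks "is the version number bigger than the fix".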