Cyware Daily Threat Intelligence
Daily Threat Briefing • Nov 7, 2022
Robin Banks has recently gone through a major transformation. The Phishing-as-a-Service (PhaaS) platform has introduced several new features, including a cookie-stealing capability. Additionally, hackers can now get full access to the phishing kit for $1,500 per month. In other news, Microsoft has highlighted the speed with which nation-backed actors develop exploits for recently uncovered zero-days, with Chinese actors leading the pack.
Meanwhile, multiple vulnerabilities were found in Apple's Xcode development environment. The threats they posed ranged from arbitrary command execution to information leaks.
Anesthesia management services hit
A breach incident at Somnia Inc., a New York-based administrative services firm, affected the PII of about 430,000 people across 20 anesthesiology practice institutions. At least five other entities, operating in Virginia, California, Kentucky, Illinois, and Pennsylvania, have also filed breach reports.
LockBit stole Victorian School data
Personal records of thousands of Victorian students and their parents may have been exposed to the LockBit threat group. The hack originally occurred at a third-party vendor, PNORS Technology Group. The firm allegedly works with six different departments in the government of the Australian state, including Education and Training.
Phishing service changes hosting provider
Robin Banks has reportedly relocated its attack infrastructure to DDoS-Guard, a Russian hosting service. It previously relied on Cloudflare to host its operations, cybersecurity company IronNet revealed. The operators have also added new features, such as a cookie-stealing capability and a 2FA mandate to view the stolen data, which can alternatively be accessed via a Telegram bot.
Nation-state actors quick in exploiting zero-days
In a new report, Microsoft revealed that nation-state and other threat actors are increasingly preying on zero-day bugs to infiltrate their targets, potentially even before the bugs are publicly disclosed. Chinese cybercriminals have been observed to be particularly proficient in discovering and developing exploits for zero-days. In other cases, researchers reckoned that hackers, on average, take only 14 days to start abusing a zero-day after its public disclosure.
Three bugs patched in Apple Xcode
Apple released a security fix for three Git flaws in the Xcode macOS development environment. The first bug, CVE-2022-29187, is a variant of CVE-2022-24765 that affects multi-user machines through the creation of a malicious .git directory. Another bug, tracked as CVE-2022-39253, could lead to information leaks. The third one, CVE-2022-39260, could lead to arbitrary code execution.