Cyware Daily Threat Intelligence
Daily Threat Briefing • Nov 11, 2022
Healthcare organizations in the U.S. are facing heightened threats from ransomware groups, warned HHS. For instance, Venus ransomware was deployed on the network of a healthcare facility. The group gains entry to victims' systems via publicly exposed Remote Desktop services. In another finding, a set of flaws in the open-source edition of LiteSpeed Web Server can be exploited for remote code execution attacks. The risk hangs over millions of its users across the world.
Moving on to the popular Foxit Reader, which was updated with fixes for multiple use-after-free security flaws in its JavaScript engine. The bugs, each with a CVSS score of 8.8, could be abused by adversaries to achieve arbitrary code execution.
U.K. racing circuit under attack
The Royal ransomware group struck Silverstone Circuit, one of the most popular motor racing circuits in the U.K. Royal is a relatively new ransomware group known for double-extortion methods. The track is known for hosting dozens of F1 Grand Prix and motorcycle racing events and is operated by the British Racing Drivers' Club (BRDC).
New DDoS bot in town
The ASEC analysis team has uncovered attack campaigns dropping njRAT, UDP Rat, and HackHound IRC Bot onto victims' devices through webhards. The attackers mostly distribute the malware inside malicious programs, such as cracked game software. HackHound IRC Bot is a DDoS bot created by njRAT operators, while UDP Rat is a DDoS bot that supports UDP flooding attacks.
Banking trojan served through GitHub
The Zscaler ThreatLabz team stumbled across the Xenomorph banking trojan loaded by a lifestyle app called 'Todo: Day manager' in the Google Play store. The malware is fetched from GitHub as a fake Google Service application during installation of the app. It displays overlays on top of legitimate banking applications to extract users' credentials.
Warning against Venus ransomware
The HHS raised an alarm regarding increased threats to the country's healthcare organizations from the Venus ransomware operators. Officials said they are aware of at least one incident of infection with the ransomware. No data leak site associated with the threat actors is currently known, and there may not be one.
Tens of high- and medium-severity bugs in Cisco
Cisco addressed a total of 33 flaws affecting its enterprise firewall products running Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. CVE-2022-20927 is considered the most severe. The bug lies in the dynamic access policies (DAP) functionality of the ASA and FTD software and could allow attackers to cause a DoS condition.
Security holes in popular web server
OpenLiteSpeed Web Server, which accounts for nearly 1.9 million unique servers, was found to have three high-severity bugs. The first, CVE-2022-0072, is a directory traversal flaw. The other two, CVE-2022-0073 and CVE-2022-0074, are privilege escalation and command injection bugs, respectively.
Privilege escalation flaw in Plesk
A Cross-Site Request Forgery (CSRF) bug in Plesk, a web hosting platform, could lead to a variety of potential attacks, including privilege escalation and malicious file upload. The bug in Plesk's REST API could be exploited through a cookieless CSRF technique. It could even lead to hijacking of the admin user account and takeover of the host.
Foxit Reader receives patches
Cisco Talos revealed details about vulnerabilities in the PDF document reader Foxit Reader. Tracked as CVE-2022-32774, CVE-2022-37332, CVE-2022-38097, and CVE-2022-40129, these are use-after-free vulnerabilities. Using them, an attacker could trigger the reuse of previously freed memory via a specially crafted PDF document, leading to arbitrary code execution.