
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 3, 2022

The notorious North Korean hacking group Lazarus has added another new malware to its arsenal. Dubbed FudModule, the rootkit exploits a set of five vulnerabilities affecting Dell DBUtil drivers that enable the attackers to deploy several malicious tools on a victim’s system, including droppers, loaders, and backdoors. Meanwhile, accidental exposure of patients’ personal data has been averted after Canon Medical issued patches for two cross-site scripting vulnerabilities affecting its Vitrea View tool.

Bumblebee activity has spiked as researchers observe a new iteration of the malware loader. Active since June, the new version uses VHD files to execute PowerShell scripts.

Top Breaches Reported in the Last 24 Hours

Shangri-La hotel group hacked

A data breach at the Shangri-La hotel group compromised the personal information of its customers. The breach occurred between May and July after hackers gained unauthorized access to its IT network. It affected hotels located in Hong Kong, Singapore, Chiang Mai, Taipei, and Tokyo. The organization found no indication that any guest data had been misused.

Top Malware Reported in the Last 24 Hours

New rootkit associated with Lazarus

The newly discovered FudModule rootkit is associated with Lazarus’ ongoing Operation Dream Job campaign. The rootkit exploits five vulnerabilities (collectively tracked as CVE-2021-21551) affecting Dell DBUtil drivers. This enables attackers to deploy several malicious tools on a victim’s system, including droppers, loaders, and backdoors.

Bumblebee continues to evolve

Bumblebee is constantly evolving, and researchers observe a spike in its activity. In recent iterations, the malware loader has shifted from ISO files to VHD format files containing a PowerShell script. The latest version of the malware is believed to have first appeared in June.
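The delivery change described above (a mounted VHD followed by PowerShell running a script from the new drive letter) is the kind of sequence a detection rule can correlate. The following is an added example, not code from Cyware or from the Bumblebee research it summarizes: it parses constructed process-creation and VHD-mount log lines (the `event=vhd_mount` / `event=process_create` field names, the hosts, paths and timestamps are all invented for the example) and flags PowerShell executions that reference a drive letter mounted from a VHD on the same host within a configurable window.

```python
import re
from datetime import datetime, timedelta

# Assumed correlation window between the VHD mount and the PowerShell launch;
# tune to the environment. A mount followed minutes later by a script run from
# that drive is the pattern of interest, not every PowerShell execution.
WINDOW = timedelta(minutes=10)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events (not real telemetry): one suspicious sequence on
# WS01, a normal PowerShell run on WS02, and a slow-followed mount on WS03.
SAMPLE_EVENTS = [
    r'2022-10-03T09:00:01 host=WS01 event=vhd_mount drive=E: image=C:\Users\a\Downloads\invoice.vhd',
    r'2022-10-03T09:00:05 host=WS01 event=process_create image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=explorer.exe cmdline="powershell.exe -ep bypass -w hidden -f E:\update.ps1"',
    r'2022-10-03T10:15:00 host=WS02 event=process_create image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=cmd.exe cmdline="powershell.exe -f C:\scripts\backup.ps1"',
    r'2022-10-03T11:00:00 host=WS03 event=vhd_mount drive=F: image=D:\vm\disk.vhd',
    r'2022-10-03T11:30:00 host=WS03 event=process_create image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=explorer.exe cmdline="powershell.exe -f F:\tool.ps1"',
]


def parse_event(line):
    """Parse a constructed 'timestamp key=value ...' line into a dict.

    Values may be quoted with double quotes (used for command lines that
    contain spaces); the quotes are stripped.
    """
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def detect_vhd_powershell(lines, window=WINDOW):
    """Return alerts for PowerShell runs whose command line references a
    drive letter that a VHD was mounted to on the same host within `window`.
    """
    mounts = {}   # (host, drive letter) -> time of the most recent VHD mount
    alerts = []
    for ev in (parse_event(line) for line in lines):
        host = ev.get("host")
        if ev.get("event") == "vhd_mount":
            mounts[(host, ev["drive"].upper())] = ev["ts"]
            continue
        if ev.get("event") != "process_create":
            continue
        if not ev.get("image", "").lower().endswith("powershell.exe"):
            continue
        cmd = ev.get("cmdline", "")
        # Every drive letter referenced as a path root in the command line.
        for drive in {m.upper() for m in re.findall(r"\b([A-Za-z]:)\\", cmd)}:
            mounted_at = mounts.get((host, drive))
            if mounted_at is None:
                continue
            delta = ev["ts"] - mounted_at
            if timedelta(0) <= delta <= window:
                alerts.append({
                    "host": host,
                    "drive": drive,
                    "ts": ev["ts"],
                    "cmdline": cmd,
                    "seconds_after_mount": delta.total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_vhd_powershell(SAMPLE_EVENTS):
        print(f"[{alert['ts']}] {alert['host']}: PowerShell from VHD-mounted "
              f"{alert['drive']} {alert['seconds_after_mount']:.0f}s after mount: "
              f"{alert['cmdline']}")
```

With the default ten-minute window only the WS01 sequence fires; widening the window to an hour also catches the WS03 run, which illustrates the trade-off between catching slower operator-driven execution and generating noise from legitimate virtual-disk use.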

New Pegasus spyware attack

Several high-profile personalities, including journalists and human rights defenders, were targeted in a new zero-click attack that installed the infamous Pegasus spyware. The attack occurred between 2019 and 2021, according to a report.

Top Vulnerabilities Reported in the Last 24 Hours

Reflected XSS flaws expose data

Two reflected Cross-Site Scripting (XSS) flaws, collectively tracked as CVE-2022-37461, found in Canon Medical’s Vitrea View allowed anyone to view shared medical images of patients. The flaws not only enabled access to patient information but could also allow attackers to obtain additional access to various services associated with Vitrea View. Canon Medical has addressed the flaws with the release of Vitrea View version 7.7.6.

Atlassian Bitbucket vulnerability exploited

CISA has added a new Atlassian Bitbucket vulnerability to its Known Exploited Vulnerabilities Catalog as it issues a warning of its exploitation in the wild. Tracked as CVE-2022-36804, the flaw is linked to a command injection bug impacting multiple API endpoints of Bitbucket Server and Data Center.
