Cyware Daily Threat Intelligence
Daily Threat Briefing • Oct 7, 2022
We like to believe that high-class, big-score heists are only shown in movies. But Binance Bridge was robbed of two million Binance coins for real, incurring a loss of more than $570 million. In other news, a Russia-linked threat actor was found offering a one-stop shop for different malware modules in underground forums. A fake version of a popular network admin tool hit about 80 organizations around the world.
The U.S. federal agencies released a joint advisory to reveal the security vulnerabilities exploited by China’s state-sponsored threat actors since 2020. We live in a time when hackers can control our smart light systems. In a recent incident, attackers took advantage of vulnerabilities in the Ikea smart light system that allowed them to fully brighten the bulbs, without giving the users control. Meanwhile, cybercriminals were found spoofing Zoom in a credential phishing attack, stealing Microsoft user credentials.
Binance Bridge loses millions of dollars
Hackers stole an estimated two million Binance coins (BNB) from Binance Bridge, a popular cross-chain bridging service. The hack impacted the BSC Token Hub—the bridge between BNB Beacon Chain and BNB Chain—and potentially landed the firm a loss of over $570 million. According to a researcher, the hacker managed to exploit a vulnerability in the bridge’s proof verification process that allowed them to forge arbitrary messages.
Fake tool attacks 80 organizations
A backdoored version of Advanced IP Scanner, a popular tool used by network administrators to manage local area networks, has impacted at least 80 organizations around the globe. The malicious software, named AdvancedIPSpyware, was hosted on two sites whose domain names are nearly identical to the genuine Advanced IP Scanner website, differing only by one letter.
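The one-letter lookalike domains described above are the kind of thing a defender can flag in DNS or proxy logs. The following is an added example, not code from the briefing or from any vendor: it assumes the vendor's genuine domain is `advanced-ip-scanner.com` and runs a small edit-distance check over constructed log lines (not real indicators from this report).

```python
import re

# Constructed sample DNS log lines (hypothetical; not indicators from the briefing).
SAMPLE_LOG = """\
2022-10-07T09:12:01Z client=10.0.0.12 qname=advanced-ip-scanner.com
2022-10-07T09:13:44Z client=10.0.0.31 qname=advanced-ip-scaner.com
2022-10-07T09:14:02Z client=10.0.0.31 qname=advanced-ip-scanner.net
2022-10-07T09:15:10Z client=10.0.0.40 qname=example.org
2022-10-07T09:16:33Z client=10.0.0.55 qname=advanced-lp-scanner.com
"""

LEGIT = {"advanced-ip-scanner.com"}  # assumption: the vendor's own domain
QNAME_RE = re.compile(r"qname=([A-Za-z0-9.-]+)")


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose = 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[-1][-1]


def registrable_label(domain: str) -> str:
    """Label left of the TLD (simplification: no public-suffix list handling)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_domains(log_lines, legit=LEGIT, max_dist=1):
    """Return (queried, legit, distance) for names within max_dist of a legit label.

    Comparing labels without the TLD also catches same-name, other-TLD clones."""
    hits = []
    for line in log_lines:
        m = QNAME_RE.search(line)
        if not m:
            continue
        qname = m.group(1).lower()
        if qname in legit:
            continue  # exact match to the real site is expected traffic
        for good in legit:
            dist = edit_distance(registrable_label(qname), registrable_label(good))
            if dist <= max_dist:
                hits.append((qname, good, dist))
    return hits


if __name__ == "__main__":
    for qname, good, dist in lookalike_domains(SAMPLE_LOG.splitlines()):
        print(f"lookalike of {good}: {qname} (distance {dist})")
```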
Dunedin’s web services down
A cybersecurity incident has led to the unavailability of email addresses and some online functions in the city of Dunedin, Florida. Some of the disrupted services were online permit payments, utility billing, and inspection scheduling.
One-stop shop for malware modules
A Russia-linked threat group associated with the Eternity group, aka EternityTeam or Eternity Project, is growing its malware-as-a-service operation by offering a multifunctional malware, dubbed LilithBot, via a subscription model on Telegram. Active since at least January, the group has been found distributing different Eternity-branded malware modules in underground forums.
Flaws exploited by Chinese hackers revealed
The NSA, the CISA, and the FBI revealed the top security vulnerabilities exploited by hackers sponsored by the People’s Republic of China (PRC) since 2020. The attackers aimed to target government and critical infrastructure networks to gain access to sensitive networks and steal intellectual property. In a joint advisory, the three federal agencies recommended mitigations for each of the security flaws, as well as detection methods and vulnerable technologies to help defenders identify and thwart incoming attack attempts.
Flaws in Ikea smart light system
Attackers could take control of Ikea smart light bulbs, turning the bulbs up to full brightness and leaving users unable to turn them off through the app or remote control. They could take advantage of two vulnerabilities (CVE-2022-39064 and CVE-2022-39065) in the Ikea Trådfri smart lighting system by re-sending the same malformed Zigbee frame (IEEE 802.15.4) over and over again.
Dex patches authentication bug
Dex, an OpenID Connect (OIDC) identity service, patched a critical vulnerability that could allow hackers to fetch an ID token via an intercepted authorization code and potentially gain unauthorized access to client applications. Dex uses OpenID Connect, a simple identity layer on top of the OAuth 2.0 protocol, to power authentication for other apps.
Zoom suffers phishing attack
A credential phishing attack spoofed the video telephony software platform Zoom to steal victims’ Microsoft user credentials. With a socially-engineered payload, the email attack bypassed Microsoft Exchange email security and would have been delivered to more than 21,000 users if Armorblox had not prevented this malicious email attack.