
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 10, 2022

vm2, the most popular JavaScript sandbox library with around 17.5 million monthly downloads, has an RCE vulnerability with a CVSS score of 10. Named SandBreak, the flaw lets an attacker escape the sandbox and run shell commands on the host, which undermines the very use cases sandboxes exist for, from examining attachments on email servers to isolating untrusted or actively running application code. The UEFI BIOS source code for Intel's 12th-generation Alder Lake CPUs has been leaked online, and judging by the size of the leak the code base is massive.

Separately, crypto thieves have launched a new attack campaign against Solana HODLers, airdropping NFTs that pose as notices of a new Phantom wallet security update.

Top Breaches Reported in the Last 24 Hours

BidenCash releases 1.2 million card records

The operators of the popular dark web carding site BidenCash dumped 1,221,551 credit and debit card records to promote their underground shop. Leaked details include card number, expiry date, CVV, cardholder name, bank name, full address, date of birth, email, and phone number. The platform mainly hosts Russian- and English-speaking threat actors.

Phishing impacts Australia's largest horticultural firm

Costa Group, a major supplier of produce to food retailers in Australia, revealed that cybercriminals compromised one of its servers on August 21 via phishing. The server held data for employees in its berry business. An investigation found that the attackers accessed only about 10% of the data on the file server. The company did not share the number of people affected or the size of the files involved.

Singtel’s Dialog Group faces cyberattack

Singtel-owned consulting unit Dialog Group disclosed unauthorized access to its servers that may have exposed company data of up to 20 clients and 1,000 of Dialog's current and former employees. The Australia-based unit's networks were taken offline in the wake of the breach. So far the ongoing investigation has found no evidence that data was downloaded.

Open database encrypted by criminals

Cybernews researchers came across an open database belonging to Infomag, a Harvard Business Publishing licensee in Turkey. The unprotected MongoDB instance contained 152,000 customer records. Three days later, the researchers found that a ransomware group had hit the database; the group threatened to make the data public and pointed to the heavy fine the victim could face for GDPR violations.

Source code leak for Intel processors

The source code for the UEFI BIOS of Alder Lake, Intel's 12th-generation processors, has been leaked. A link posted on 4chan led researchers to a GitHub repository containing 5.97GB of files, including source code, change logs, private keys, and compilation tools. The exposed files contain several references to integrations with Lenovo String Service, Lenovo Secure Suite, and Lenovo Cloud Service.

Major U.S. hospital chain crippled by ransomware

CommonSpirit Health, one of the largest hospital chains in the U.S., suffered major disruption to its services and operations owing to a ransomware attack. Part of its infrastructure was disconnected from the internet to contain the attack. According to reports, CHI Memorial Hospital (Tennessee), some St. Luke's hospitals (Texas), and Virginia Mason Franciscan Health (Seattle) were affected.

Top car manufacturer leaked customer data

Toyota Motor, the world's largest car manufacturer, disclosed that it inadvertently exposed 296,000 customer records, including assigned customer numbers, via its T-Connect service. It warned that affected customers are at risk of social engineering and phishing. The exposure occurred because a developer working on the T-Connect website uploaded part of its source code to a repository with public settings.

Top Malware Reported in the Last 24 Hours

Malicious NFTs for Solana HODLers

Attackers are targeting Solana crypto HODLers by posing as a new Phantom wallet security update. They are airdropping malicious NFTs to Solana wallet owners; following the "update" link in the NFT deploys password-stealing malware that leads to the theft of cryptocurrency wallets. The campaign began roughly two weeks ago with NFTs titled 'PHANTOMUPDATE.COM' or 'UPDATEPHANTOM.COM'.

Meta warns against malicious apps

Meta shared an update on 400 malicious Android and iOS apps that target device users worldwide to steal their Facebook login credentials. Most were disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them. The findings were reported to Google and Apple, and potentially impacted users are reportedly being alerted and advised on safe practices.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched Zimbra zero-day under attack

Exploitation of a zero-day RCE bug in the Zimbra Collaboration Suite, with a CVSS score of 9.8, is underway. Tracked as CVE-2022-41352, the bug stems from the way Zimbra's antivirus engine (Amavis) handles inbound email: archives attached to a message are extracted with cpio, which can be tricked into writing files to arbitrary locations, so a single crafted email amounts to an arbitrary file write on the mail server. Rapid7 researchers have published technical details, including PoC exploit code and IOCs, on AttackerKB. As the bug is yet to be patched, the firm has offered a workaround: install the pax utility so that Amavis uses it instead of cpio.

Critical vulnerability in Fortinet products

Cybersecurity firm Fortinet notified some of its customers of a critical, remotely exploitable flaw. Identified as CVE-2022-40684, it is an authentication bypass on the administrative interface of its FortiOS and FortiProxy products. The warning was marked 'strictly confidential' and recipients were asked not to share the information outside their organization. Until the fix is applied, Fortinet's guidance is to disable the HTTP/HTTPS administrative interface or restrict the IP addresses that can reach it.

CVSS 10.0 bug in vm2

Oxeye researchers uncovered a critical sandbox escape vulnerability in vm2, a popular JavaScript sandbox library. Dubbed SandBreak and tracked as CVE-2022-36067, it received the maximum CVSS score of 10.0. By exploiting it, an attacker can break out of the sandbox and run shell commands on the host machine, so any application that runs untrusted code through vm2 is exposed. Given how widely sandboxes are used, the consequences could be widespread and critical. The issue is fixed in vm2 3.9.11; earlier versions should be upgraded.
