Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 14, 2022
Another tech support scam is being floated by a cybercriminal group. Attackers have developed multiple phishing sites that display fake Windows Defender alerts to users. Since last month, researchers have spotted over 50 such phishing websites. In another update, HP Wolf Security laid bare an attack campaign distributing Magniber ransomware. In this campaign, Windows home users are being targeted with fake software updates.
Attention! eCommerce websites running on the Adobe Magento platform need to update their systems, as the firm has released a warning about a stored cross-site scripting (XSS) bug. By abusing the bug, a threat actor can seize control of your eCommerce sites.
RansomExx leaks 52GB of healthcare data
Consorci Sanitari Integral, a Spanish public entity that provides medical and social services, was targeted by the RansomExx ransomware group, which has allegedly published 52GB of stolen data on the dark web. Reports say emergency services remained unaffected by the attack, but medical equipment for specialist visits, including x-ray machines, was unavailable.
Magniber creeps through false security updates
Windows users’ computers are being targeted through fraudulent websites that are promoting fake antivirus and security updates for Windows 10. Accessing these files activates malicious operations and drops ZIP archives that help threat actors launch Magniber ransomware operations. Furthermore, adversaries request payment of up to $2,500 from users to receive a decryption tool and access their files.
PoC exploit for Fortinet bug released online
PoC exploit code for the critical authentication bypass vulnerability, tracked as CVE-2022-40684, was released online. The bug in FortiGate firewalls affects FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. It also affects FortiProxy web proxy versions from 7.0.0 to 7.0.6 and version 7.2.0. The availability of the exploit poses risks of active targeting of devices by cybercriminals.
eCommerce platforms susceptible to cyberattacks
Adobe is calling attention to a top-priority bug in Adobe Magento that could let an unauthenticated user completely compromise e-commerce platforms. The XSS flaw, identified as CVE-2022-35698 and carrying the maximum CVSS score of 10, can lead to arbitrary code execution. Hence, the firm has urged customers to update their systems to protect their websites from abuse of the flaw.
Microsoft’s email encryption is leaky
According to WithSecure researchers, a security hole in Microsoft Office 365 Message Encryption (OME) could be leaking sensitive information. OME uses the Electronic Codebook (ECB) mode of operation, which can leak certain structural information about messages. Depending on how well cybercriminals analyze the location and frequency of repeated patterns in a particular message, its contents could be partially or fully deduced.
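The ECB leak described above, as an added example that is not code from this briefing, WithSecure or Microsoft: equal plaintext blocks give equal ciphertext blocks under ECB, while a counter-based mode hides the layout. A keyed HMAC stands in for the block cipher (an assumption, since the Python standard library has no AES), and the sample message, key and nonce are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as in AES

def prf(key, data):
    # Stand-in for a block cipher (assumption): deterministic, keyed, 16-byte output.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_like(key, plaintext):
    # ECB: each block is transformed on its own under the same key,
    # so equal plaintext blocks always produce equal ciphertext blocks.
    return b"".join(prf(key, blk) for blk in split_blocks(plaintext))

def ctr_like(key, nonce, plaintext):
    # Counter mode: the keystream depends on nonce and block index,
    # so equal plaintext blocks encrypt to different ciphertext blocks.
    out = bytearray()
    for i, blk in enumerate(split_blocks(plaintext)):
        stream = prf(key, nonce + i.to_bytes(8, "big"))
        out += bytes(p ^ s for p, s in zip(blk, stream))
    return bytes(out)

def structure_map(ciphertext):
    # Label each distinct ciphertext block by order of first appearance.
    # Needs no key: anyone holding the ciphertext can compute it.
    labels = {}
    for blk in split_blocks(ciphertext):
        labels.setdefault(blk, chr(ord("A") + len(labels)))
    return "".join(labels[blk] for blk in split_blocks(ciphertext))

def repeated_blocks(ciphertext):
    # Number of blocks that duplicate an earlier block; 0 means no visible layout.
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample: header, zero-filled filler and one unique body block.
HDR, FILL, BODY = b"CONFIDENTIAL----", b"\x00" * BLOCK, b"wire 4200 to Bob"
SAMPLE = HDR + FILL * 3 + BODY + FILL * 2 + HDR
KEY, NONCE = b"constructed-demo-key", b"constructed-nonce"

if __name__ == "__main__":
    for name, ct in (("ECB", ecb_like(KEY, SAMPLE)),
                     ("CTR", ctr_like(KEY, NONCE, SAMPLE))):
        print(name, structure_map(ct), repeated_blocks(ct))
```

The ECB map mirrors the plaintext layout (header, filler run, body, filler, header) without any key material, which is the structural information the researchers describe.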
Phishing sites with fake Windows Defender alert
Cyble Research & Intelligence Labs unearthed a phishing scam wherein criminals impersonated Microsoft support sites to show potential victims a fake Windows Defender alert. The alert warns victims that their system is locked and that they need to get in touch. Through this, scammers attempt to access victims’ machines and infect them with malware.