Cyware Daily Threat Intelligence
Daily Threat Briefing • Sep 5, 2022
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Sep 5, 2022
Browsers collect tons of sensitive information about a user and any mishap in protecting those may have unpleasant consequences. In that light, Google has urged users to address a Chrome zero-day that impacts Windows, Mac, and Linux platforms, as soon as possible. The tech giant has also confirmed that there exists an exploit in the wild. In other news, an Iranian hacker leaked the source code of CodeRAT on GitHub after being confronted by SafeBreach Labs’ researchers. The attack campaign is seemingly halted by the actors.
Moving on, meet the new Phishing-as-a-Service (PhaaS) model - EvilProxy. Through this, threat actors can bypass 2FA authentication to steal credentials. Employees at Fortune 500 companies were targeted by hackers in campaigns involving EvilProxy.
Korean electronics giant suffered breach
Samsung blurted out the personal details of its customers in the U.S owing to a cyberattack. The attack reportedly occurred around August 4, exposing their names, contact details, demographic information, and more. The firm has urged customers to be cautious of any phishing activities or downloading attachments from any such messages.
French clothing firm hit by Hive
The sales network of clothing brand Damart, France, faced disruption due to a ransomware attack by the Hive group. The attack that reached the Active Directory network of the brand to launch an attack impacted 92 of its stores. Hackers have demanded $2 million in ransom. It’s not clear whether hackers pilfered any data during the incident.
Third-party breach impacts KeyBank
KeyBank announced that hackers managed to steal personal data, such as SSNs, addresses, and account details, of home mortgage holders from its servers via a breach at a third-party vendor’s network. Overby-Seawell Company, the vendor, works with multiple critical entities across banks, credit unions, finance companies, mortgage servicers, and property investors.
New PhaaS infrastructure
EvilProxy, a new phishing-as-a-service, developed by several notable underground actors, has apparently surfaced on the dark web platforms. The report suggests that several notable cybercriminals are behind it, who are using Reverse Proxy and Cookie Injection methods to bypass 2FA authorization. Employees from Fortune 500 companies were also targeted through this.
SharkBot circumvents Google Play checks
An upgraded version of a SharkBot dropper has been found. The new variant asks unsuspecting users to install a fake antivirus update coupled with the malware, whereas the previous variants relied on Accessibility permissions for infection. Security researchers stumbled across a couple of infected apps on the Google Play Store having over 60,000 installs.
CodeRAT source code leaked
The source code of CodeRAT was leaked on GitHub after malware analysts confronted its author about the RAT tool being used in attacks. Analysts revealed that it is an Iran-based campaign that targets Farsi-speaking IT employees. It attaches a malicious Word doc containing a Microsoft Dynamic Data Exchange (DDE) exploit.
Patch Chrome zero-day ‘immediately’
Chrome users on Windows, Mac, and Linux users are vulnerable to a newly discovered zero-day bug. Tracked as CVE-2022-3075, the bug is being exploited by cyber adversaries in the wild. It is a critical issue relating to insufficient data validation in Mojo, a collection of runtime libraries used in Chromium. More information on the bug hasn’t been made public for now to prevent any further exploitation.