Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 7, 2023
Beware of low-cost offerings or any shortcuts that promise to enhance your experience with Android-based TV set-top boxes. Cybersecurity experts are warning about a Mirai botnet campaign that uses such lures to compromise these devices and enlist them in DDoS attacks. In other malware news, we discuss a variant of Atomic Stealer being distributed through a malvertising campaign. Additionally, adversaries are using compromised ad accounts to purchase advertisements that direct users to phishing websites.
Moving on, Cisco has addressed a CVSS 10.0-rated security issue in the BroadWorks calling and collaboration platform that could allow remote attackers to forge credentials and access affected systems.
Travel booking firm suffers cyberattack
Sabre, a major provider of air passenger and booking data, is investigating a data breach after files allegedly stolen from the company appeared on a dark web leak site. The Dunghill Leak group claimed responsibility for the attack, stating that they had taken about 1.3 terabytes of data, including databases related to ticket sales, passenger turnover, employee information, and corporate financial data. The extent and timing of the breach are still under investigation.
Thousands of Alexa top sites leak sensitive data
Code security firm Truffle Security has identified approximately 4,500 websites in the Alexa top 1 million list that are leaking secrets, including credentials. These websites exposed their .git directory, which can contain sensitive information such as private source code, configuration files, and access credentials. Analysis of the exposed credentials revealed that AWS and GitHub keys were the most prevalent type of leaked secrets, accounting for 45% of all credentials.
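As an added example (not code from Cyware or Truffle Security), here is a small Python check a site owner can use to confirm whether their own server answers `GET /.git/HEAD` with a real Git HEAD file, and to scan files recovered from such a repository for the two credential types the report ranks highest. The HTTP responses and `.env` contents below are constructed; the AWS key is the documentation example value published by AWS, and the GitHub token is a made-up string of the right shape.

```python
import re
from typing import Dict, List

# Constructed sample responses to GET /.git/HEAD (not captured from any real site).
EXPOSED_HEAD_BODY = "ref: refs/heads/main\n"
SOFT_404_BODY = "<html><body><h1>Not Found</h1></body></html>"


def git_head_exposed(status: int, body: str) -> bool:
    """True only when the response proves an exposed repository.

    A genuine HEAD file is 'ref: refs/heads/<branch>' or a bare 40-hex commit
    id (detached HEAD). Requiring that exact shape avoids false positives from
    servers that answer every path with HTTP 200 and an HTML page.
    """
    if status != 200:
        return False
    text = body.strip()
    return bool(re.fullmatch(r"ref: refs/heads/\S+", text)
                or re.fullmatch(r"[0-9a-f]{40}", text))


# AWS access key IDs start with AKIA (long-term) or ASIA (temporary) followed
# by 16 uppercase alphanumerics; classic GitHub tokens are gh?_ plus 36 chars.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
}


def find_secrets(text: str) -> Dict[str, List[str]]:
    """Return credential-shaped matches grouped by type. Run this over every
    version of every file in the repository: a key deleted in a later commit
    is still present in the object store and must still be rotated."""
    hits: Dict[str, List[str]] = {}
    for name, pattern in SECRET_PATTERNS.items():
        found = sorted(set(pattern.findall(text)))
        if found:
            hits[name] = found
    return hits


def redact(secret: str) -> str:
    """Keep the prefix that identifies the key type; mask the rest so a
    findings report does not re-leak the value."""
    return secret[:4] + "*" * (len(secret) - 4)


# Constructed .env contents with one hit of each type plus a harmless line.
SAMPLE_ENV = """
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
DB_HOST=localhost
"""
```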
Ransomware attack on pediatric dental practice
Just Kids Dental, an Alabama-based pediatric dental practice, is notifying approximately 130,000 individuals that their sensitive information was compromised in a recent cyberattack. The breach affected patients, their parents and guardians, and current and former employees. It is rumored that a ransom may have been paid to the attackers in exchange for a promise to delete the stolen data, although the practice has not confirmed this.
New Mirai variant for TV set-top boxes
A new Mirai variant has been discovered infecting low-cost Android TV set-top boxes commonly used for media streaming. These devices, such as the Tanix TX6 TV Box and MX10 Pro 6K, were targeted due to their quad-core processors, which can launch powerful DDoS attacks even in small swarms. The malware arrives on these devices through malicious firmware updates or pirated content apps, with the latter promising access to copyrighted TV shows and movies for free or at a low cost.
New Atomic Stealer macOS variant
Researchers at Malwarebytes have identified a new version of the Atomic Stealer macOS malware that employs a technique to bypass the operating system's Gatekeeper security feature. In this campaign, the malware masquerades as the popular TradingView platform. Victims are redirected to a phishing site, where they unknowingly download Atomic Stealer. This malware bypasses Gatekeeper by not requiring installation in the Mac's Apps folder and uses an ad-hoc signed app, preventing revocation by Apple.
Cisco patches critical vulnerability
Cisco has released patches for a critical severity vulnerability, CVE-2023-20238, in the BroadWorks calling and collaboration platform. The vulnerability could be exploited by attackers to forge credentials and access affected systems. Although the attacker would need a valid user ID associated with the affected BroadWorks system, the flaw has a CVSS score of 10.0. Cisco has also released patches for a high-severity denial-of-service (DoS) vulnerability in the Identity Services Engine (ISE), which impacts versions 3.1 and 3.2 of ISE.
Multiple flaws found in cameras from defunct vendor Zavio
BugProve, an IoT firmware analysis platform provider, has disclosed numerous vulnerabilities in security cameras manufactured by the now-defunct Chinese company Zavio. The vulnerabilities, totaling more than 34, affect various Zavio IP camera models, and seven of them allow unauthenticated RCE with root privileges. Since the affected cameras will not receive patches, users are advised to replace them.
Global investment fraud uncovered
A widespread investment fraud campaign that relies on social media advertising has been uncovered by researchers at Group-IB. Nearly 900 scam pages have been associated with the campaign, with 60% targeting users in the Middle East and Africa. Victims who click on the ads are directed to fake investment pages impersonating legitimate financial and insurance companies, among others. The scammers request personal information and bank details and then use pressure tactics to extract payments.