Cyware Daily Threat Intelligence
Daily Threat Briefing • Sep 15, 2022
Cybercriminals not only operate covertly; they also experiment within their own environment to revive and reuse existing malware and tools. A similar pattern was observed recently with the Webworm hacking group, which was seen testing three existing RATs to improve their effectiveness and avoid detection. In another update, Securelist reported a malicious bundle consisting of harmful files and the RedLine Stealer that targets gamers via YouTube. Among the popular games used as lures are FIFA 22, Final Fantasy XIV, Project Zomboid, Rust, Sniper Elite, and Spider-Man.
Separately, multiple high-severity BIOS vulnerabilities have been found affecting several Lenovo models. The vendor has fixed the issues in the latest BIOS updates for affected products; a few other models will be patched next year.
Pro-Ukrainian outfit hacks Russian TV channels
Members of the pro-Ukrainian hacktivist group hdr0 took full responsibility for breaking into Russian TV channels and airing anti-war messages on TV screens. The gang turned to Telegram to claim that the breach affected multiple Russian channels, including Channel One Russia, Russia-24, and Russia-1. The hackers also compared Russia's military invasion of Ukraine to the September 11 terrorist attacks in New York.
Webworm reworks older malware
Symantec reported that Webworm hackers are experimenting with reusing older malware in new attacks to avoid attribution and save operational costs. The threat actors are testing customized RATs against Asian IT service providers to gauge their effectiveness. Using an outdated version lets the attackers mask their operations and blend in with other ongoing attacks, making it difficult for security systems to identify them.
Hackers target gamers on YouTube
Securelist identified a malicious bundle containing the RedLine Stealer that is being used in attacks on gamers via YouTube. The bundle is a collection of malicious programs with self-propagation functionality and a script that automatically runs the unpacked contents. The campaign relies on videos advertising game cheats and cracks, along with instructions on how to hack popular games and software.
Fake security app serves malware
A new malware was found targeting NTT DOCOMO users in Japan via the Google Play store. The adversary lured victims with SMS messages (sent from overseas) containing a Google Play link. McAfee's Mobile Research team revealed that the app disguises itself as a mobile security app. In reality, it is malware that can steal passwords and uses a reverse proxy to target the NTT DOCOMO mobile payment service.
Lenovo faces high-severity flaws
Lenovo addressed high-severity BIOS flaws in hundreds of its models, including the Desktop, ThinkPad, and ThinkSystem lines, among others. If exploited, the flaws could result in privilege escalation, data exposure, DoS conditions, and, in some cases, arbitrary code execution. The flaws identified in the advisory are CVE-2022-40135, CVE-2022-40134, CVE-2022-40137, CVE-2022-40136, CVE-2021-28216, and American Megatrends security enhancements (no CVEs).
SAP fixes critical vulnerabilities
SAP has issued eight new and five updated security notes as part of its September 2022 Security Patch Day. One of the important updates deals with a high-severity unquoted path flaw in Business One (CVE-2022-35292) that could lead to an escalation of privileges. SAP also addressed security holes in BusinessObjects (CVE-2022-39014) and GRC (CVE-2022-39801). The former could allow an attacker to access sensitive data, and the latter could grant access to a Firefighter session even after it has been closed in the Firefighter Logon Pad.
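The unquoted path flaw class mentioned above is straightforward to audit for on Windows hosts. The following is an added example, not code from the briefing or from SAP: it checks service ImagePath values for the weakness pattern (no surrounding quotes, spaces in the executable path) and lists the path prefixes the Windows loader would try before the intended executable, which are the locations whose write permissions an administrator should verify. The SAMPLE_SERVICES entries are constructed and hypothetical; on a real host the values would be read from each service's registry key.

```python
"""Audit helper for unquoted service paths (added example, not from the
briefing).  Flags ImagePath values that are unquoted and contain spaces,
and reports the prefixes a Windows loader would try before the real
executable, so an administrator can confirm those locations are not
writable by unprivileged users."""
import re

# Constructed, hypothetical sample of service name -> ImagePath, as it
# would be read from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "GoodSvc": r'"C:\Program Files\Good Vendor\svc.exe" -run',
    "NoSpaceSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "WeakSvc": r"C:\Program Files\Some Vendor\Sub Dir\service.exe",
    "WeakWithArgs": r"C:\Program Files\Other Vendor\agent.exe --port 8080",
    "SysRoot": r"%SystemRoot%\system32\drivers\acpi.sys",
}


def executable_part(image_path: str) -> str:
    """Return the portion of an unquoted ImagePath up to and including the
    first '.exe'; arguments after it play no part in the lookup.  Paths
    without '.exe' (e.g. drivers) are returned unchanged."""
    match = re.search(r"\.exe", image_path, re.IGNORECASE)
    return image_path[: match.end()] if match else image_path


def is_unquoted_with_spaces(image_path: str) -> bool:
    """True when the path is not wrapped in quotes and the executable
    portion contains at least one space, the condition for the weakness."""
    path = image_path.strip()
    if path.startswith('"'):
        return False  # quoted: the loader knows exactly where the exe ends
    return " " in executable_part(path)


def lookup_candidates(image_path: str) -> list:
    """Prefixes the loader tries, in order, before reaching the real
    executable: everything up to each space in the executable portion.
    Each prefix (with and without '.exe') is a location to check ACLs on."""
    exe = executable_part(image_path.strip())
    return [exe[:i] for i, ch in enumerate(exe) if ch == " "]


def audit(services: dict) -> dict:
    """Return {service_name: candidate_prefixes} for every weak entry."""
    return {
        name: lookup_candidates(path)
        for name, path in services.items()
        if is_unquoted_with_spaces(path)
    }


if __name__ == "__main__":
    for name, prefixes in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; verify ACLs on:")
        for prefix in prefixes:
            print(f"    {prefix}  (and {prefix}.exe)")
```

The check only looks at the executable portion of the path; trailing arguments such as `-k netsvcs` are ignored, which is why NoSpaceSvc is not flagged. Paths that use an environment variable like `%SystemRoot%` are evaluated as written, so expand them first if the expanded form could introduce spaces.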