Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 22, 2023
Open-source packages have long been on the radar of cybercriminals as a channel to compromise software supply chains. In a recent incident, a malicious Python package named Culturestreak—hosted on GitLab—was found actively engaging in unauthorized cryptocurrency mining.
Meanwhile, Apple patched three zero-day vulnerabilities that are suspected to have been exploited by a spyware vendor, although the company has not shared any details about the exploitation. The worrying part is that the bugs affect all versions of Safari, iOS and iPadOS, and macOS. A set of four high-severity vulnerabilities was fixed in Atlassian products as well. The most critical of the bunch, affecting Bitbucket, posed a remote code execution risk, whereas the other bugs presented threats such as exposing exploitable assets and triggering a DoS condition.
Ohio community college suffers data breach
Lakeland Community College in Ohio has disclosed a data breach that occurred between March 7 and March 31, potentially impacting 290,000 individuals, including two Maine residents. While details of the breach remain undisclosed, the Vice Society ransomware group had previously listed the college on its data leak site. An investigation revealed that a variety of information was removed from the college's network.
Air Canada data impacted
Air Canada disclosed a cyberattack where a threat actor gained limited access to an internal system containing some employees' personal information and records. The attack didn't impact flight operations or customer-facing systems, and no customer data was compromised. Air Canada has contacted affected individuals, reported the incident to authorities, and implemented security enhancements to prevent future breaches. The identity of the threat actor remains unknown.
Personal data of Pakistanis compromised
Over two million Pakistani citizens are at risk of data exposure due to a breach of a database built by a private company and used by hundreds of restaurants. The breach exposed customers' personal information, including credit card details and addresses, and the stolen data was being offered for sale. Hackers claimed to have accessed the databases of over 250 restaurants.
Malware wrapped as Python package
Security researchers have identified a malicious open-source Python package called Culturestreak hosted on GitLab. When downloaded and deployed, the package runs an infinite loop that exploits system resources for unauthorized cryptocurrency mining, specifically to harvest the Dero cryptocurrency. Developers have been advised to thoroughly vet code and packages from unverified or suspicious sources. Indicators of compromise (IoCs) have been provided to help identify impacted systems.
Atlassian addresses high-severity issues
Atlassian has released patches for four critical vulnerabilities affecting its Jira, Confluence, Bitbucket, and Bamboo products. The most severe of these is an RCE flaw in Bitbucket (CVE-2023-22513), while another is a denial-of-service (DoS) issue in Confluence (CVE-2023-22512). Additionally, there is a third-party dependency problem (CVE-2023-28709) in the Apache Tomcat version used by Bamboo. A deserialization-of-untrusted-data bug (CVE-2022-25647) was also discovered in Jira.
Apple patches three zero-days
Apple has released updates for its operating systems to patch three new zero-day vulnerabilities, namely CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993. While iOS, macOS, iPadOS, and watchOS are all impacted, active exploitation has only been confirmed in iOS versions prior to 16.7. Researchers indicate potential exploitation by commercial spyware vendors. In that attack, the spyware was delivered to an employee at an international civil society organization based in Washington DC.
Booking scam steals card data
Security researchers have uncovered a sophisticated information-stealing campaign targeting the users of travel booking site Booking[.]com. Cybercriminals initiate contact under the guise of making reservations or dealing with special requests, ultimately leading to the deployment of info-stealing malware that collects sensitive data. After compromising the initial target, hackers gain access to communications with legitimate customers and send phishing messages requesting additional credit card verification.