Cyware Daily Threat Intelligence


Daily Threat Briefing September 27, 2023

The hospitality industry is at risk from a new campaign that delivers advanced information-stealer malware and is also capable of dropping ransomware payloads. While the campaign remains active, the latest findings reveal that attackers are using reconnaissance emails or instant messages with well-crafted social engineering lures to trick employees. The info-stealers used in the campaign are Lumma Stealer, Vidar Stealer, RedLine Stealer, Stealc, and Spidey Bot.

Meanwhile, two previously undocumented trojans, AtlasAgent and DangerAds, were attributed to a new AtlasCross hacking group campaign that impersonated the American Red Cross to target organizations.

There’s also an update on the new side-channel vulnerability that impacts nearly all modern GPUs provided by Apple, Intel, AMD, Qualcomm, Arm, and Nvidia.

Top Breaches Reported in the Last 24 Hours

DarkBeam leaks data

Unprotected Elasticsearch and Kibana interfaces belonging to DarkBeam, a digital risk protection firm, were found exposing over 3.8 billion user records online, including email addresses and passwords. There were 16 collections, named “email 0-9” and “email A-F”, each containing 239,635,000 records.

Canadian Flair Airlines leaves data exposed

Canadian Flair Airlines had left credentials for sensitive databases and email addresses publicly accessible via environment (.env) files for at least seven months before the leaks were closed. These vulnerable databases and email addresses were hosted on the flyflair[.]com website and contained personal information such as full names, email addresses, phone numbers, and flight details of passengers.

Mixin Network hacked

The Hong Kong-based Mixin Network, an open-source peer-to-peer transactional network for digital assets, was forced to suspend its operations after hackers stole over $200 million in assets from its centralized database. The incident occurred on September 23 and is believed to be the work of the Lazarus group. Blockchain traders estimate that the hackers stole at least $93.5 million in Ethereum and more than $23.5 million in Tether.

PhilHealth struggles to recover from an attack

The Philippine Health Insurance Corporation (PhilHealth) is struggling to recover from a ransomware attack that forced it to take several websites and portals offline. While the investigation is ongoing, affected systems are temporarily shut down to secure application systems. Meanwhile, the organization assured that no personal and medical information has been compromised or leaked.

Top Malware Reported in the Last 24 Hours

New AtlasAgent delivered via AtlasCross APT

The newly discovered AtlasCross hacking group was found using two previously undocumented trojans, AtlasAgent and DangerAds, to target organizations. These trojans were delivered via phishing lures impersonating the American Red Cross that asked recipients to participate in a “September 2023 Blood Drive.” AtlasAgent and DangerAds are designed to infect Windows devices, with the former capable of pilfering system information such as computer names, network adapter information, OS architecture and version, and a list of running processes. DangerAds is used as a loader in this campaign.

Information stealer malware campaign spotted

Researchers have come across a well-crafted and innovative social engineering attack campaign that deploys five different information stealers, namely RedLine Stealer, Vidar Stealer, Stealc, Lumma Stealer, and Spidey Bot, on victims’ systems. The campaign targets the hospitality sector, primarily luxury hotel chains and resorts. While the primary goal is to steal information, in more advanced stages some of these stealers are used to deliver additional payloads to compromised systems.

Malicious code inserted into GitHub

Hackers breached GitHub accounts to insert malicious code disguised as Dependabot contributions in an attempt to steal authentication secrets and passwords from developers. The campaign first came to notice in July, when researchers observed unusual activity on hundreds of public and private repositories.

Top Vulnerabilities Reported in the Last 24 Hours

GPUs vulnerable to side-channel attack

GPUs from six major suppliers, including Intel, AMD, Apple, and Nvidia, are vulnerable to a new side-channel attack, dubbed GPU.zip, that can allow attackers to view usernames, passwords, and other sensitive data on websites. The attack is launched by leveraging a malicious website that places a link to the webpage it wants to read inside an iframe.

Use-after-free vulnerability in Google Chrome

A PoC exploit has been released for a use-after-free vulnerability (CVE-2023-3421) in Google Chrome’s VideoEncoder, which can be triggered via a malicious web page to launch remote attacks. The flaw affects Google Chrome version 113.0.5672.127 (64-bit) and Chromium 115.0.5779.0 (Build) (64-bit) and has been fixed in versions 114.0.5735.198 for Mac and Linux and 114.0.5735.198/199 for Windows. It has a CVSS score of 8.8. In a separate case, Google assigned a new CVE ID (CVE-2023-5129) to a flaw in the libwebp open-source library that was exploited as a zero-day in attacks and patched two weeks ago.
