Cyware Daily Threat Intelligence, April 12, 2022
Hundreds of medical firms using Aethon TUG smart autonomous robots may be at risk of remote hijacks owing to a set of five new vulnerabilities called JekyllBot:5. However, the vendor has taken prompt action by releasing patches for these critical flaws that can let attackers gain access to real-time camera feeds, disrupt the timely delivery of patient medication, and interfere in operations.

In other threats, Sandworm APT has been associated with a new Industroyer-2 malware that was used to target electric power systems in Ukraine. The operators behind QBot trojan have also shifted to a new evasion tactic that involves the use of MSI Windows Installer packages.

Top Breaches Reported in the Last 24 Hours

500,000 individuals impacted
Christie Business Holdings Company revealed a data breach that affected the personal information of roughly 500,000 individuals. Threat actors gained unauthorized access to compromised email accounts between July and August 2021. According to the healthcare services provider, neither electronic medical records nor the firm’s patient portal were impacted in the incident.

Zegna confirms a ransomware attack
The Italian luxury fashion house Ermenegildo Zegna has confirmed a ransomware attack that resulted in an extensive IT systems outage. The attack occurred in August 2021 and was the work of the RansomEXX ransomware group.

DDoS attack on Ministry of Culture
The Anonymous collective has leaked 446 GB of data after launching DDoS attacks against the Russian Ministry of Culture. The dumped data includes around 600,000 emails associated with the ministry.

Panasonic Corp. hit
Japanese conglomerate Panasonic Corp. confirmed that its Canadian operations were hit by Conti ransomware in February. This affected some of its systems, processes, and networks. The firm took immediate actions to contain the attack.

New spear-phishing attack
A new spear-phishing attack associated with the DPRK-nexus threat actor has been observed by researchers. The emails carry Korean-based malicious documents with different lures to target victims. The main goal of the attack is to steal data from South Korean citizens.

Top Malware Reported in the Last 24 Hours

QBot trojan updated
The operators behind the QBot trojan are now leveraging MSI Windows Installer packages to push the malicious payload. The packages are embedded within password-protected ZIP archive attachments that are sent via phishing emails. This is the first time the operators have used this tactic, switching from their standard way of delivering the malware via Microsoft Office documents.

New Industroyer-2 malware
CERT-UA has released mitigation measures for a new variant of the Industroyer malware dubbed Industroyer-2. The malware variant was used by Sandworm APT to launch attacks against high-voltage electrical substations in Ukraine. It is capable of interacting with industrial control systems typically found in electric power systems.

Top Vulnerabilities Reported in the Last 24 Hours

CISA urges agencies to patch WatchGuard flaw
CISA has urged federal agencies to patch a WatchGuard firewall vulnerability that is being actively exploited in the wild. The vulnerability, tracked as CVE-2022-23176, affects the Fireware OS running on WatchGuard Firebox and XTM appliances. It can allow threat actors with unprivileged credentials to obtain a privileged management session via exposed management access.

JekyllBot:5 vulnerability
A set of five newly discovered vulnerabilities called JekyllBot:5 can be exploited to remotely hack Aethon’s TUG autonomous mobile robots. The flaws stem from missing authorization and identity checks and from unsanitized user input. They allow attackers to add new admin users to systems, access user credentials, connect to control servers, and hijack the robots.

Chrome 100 updated
Google has rolled out patches for 11 vulnerabilities affecting its Chrome 100 browser. Eight of these are rated high severity and two medium severity. Six of the security holes are use-after-free bugs. Some of these flaws can lead to remote code execution attacks.

Posted on: April 12, 2022