Go to listing page

Cyware Daily Threat Intelligence, August 09, 2022

Cyware Daily Threat Intelligence, August 09, 2022

Share Blog Post

Phishing is a simple yet powerful technique to trick people. A hacker group has been redirecting users to LogoKit, a malicious phishing kit, through open redirect vulnerabilities in online services and apps. Sadly, not many online services treat these bugs as critical. Moreover, email phishing worked on an employee at an email marketing firm, letting a hacker successfully harvest crypto-related user data. The stolen data is now at the mercy of hackers.

Windows 11-supported CPUs have found themselves in new trouble. Windows devices supporting the newest Vector Advanced Encryption Standard (VAES) were found exposed to a data loss risk owing to security lapses. Microsoft says users may have experienced some performance glitches, hence, advised to install updates.

Top Breaches Reported in the Last 24 Hours


Data incident at Klaviyo
Email marketing firm Klaviyo disclosed a breach wherein an unauthenticated user stole an employee's credentials via a phishing attack. The hacker accessed its internal systems and downloaded information regarding cryptocurrency-related accounts. The victim firm also issued a warning to customers against targeted phishing or smishing attacks using the stolen data.

Misconfigured AWS bucket
PlatformQ, a provider of digital engagement solutions for healthcare and educational institutions, has experienced a data exposure event in the wake of an unprotected database server. Findings by VPNOverview suggest that it concerns the data of roughly 100,000 doctors, nurses, and other healthcare professionals employed with major hospitals across the U.S.

Top Malware Reported in the Last 24 Hours


New botnet enslaves over 3,000 hosts
Qihoo 360's Netlab has unearthed the new Orchard botnet using Bitcoin creator Satoshi Nakamoto's account transaction information to generate the DGA domain name. DGA is a technique for botnets to hide their C2 servers. The botnet is primarily used to fetch additional payloads onto a targeted system. Orchard has reportedly been revised thrice since February 2021.

LogoKit via open redirect vulnerabilities
Researchers at Resecurity have observed hackers using open redirect vulnerabilities in online service domains and apps, such as Snapchat, to bait unsuspecting users. The use of this tactic allows hackers to deliver phishing content while dodging spam filters. The specially crafted URLs lead users to malicious resources with a phishing kit called LogoKit.

Top Vulnerabilities Reported in the Last 24 Hours


Windows systems found flawed
Microsoft announced that Windows devices that support the newest Vector Advanced Encryption Standard (VAES) are vulnerable and can impact data on Windows 11 and Windows Server 2022. The vulnerable devices use either AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES with Galois/Counter Mode (GCM) (AES-GCM) on the new hardware. Windows Updates KB5014746 and KB5014019 address the issue.

Two vulnerabilities in Exim, one critical
Mail transfer agent Exim was found affected by a couple of flaws, with one of them falling in the most severe category for allowing remote code execution. The critical flaw, identified as CVE-2022-37451, can allow an attacker to perform command execution as a root user and then install programs to manipulate data or create a new account. Exim versions prior to 4.96 are impacted by the flaws.

Top Scams Reported in the Last 24 Hours


Classiscam forays into Singapore
Classiscam, a well-coordinated, high-profile scam-as-a-service has reached Singapore, after strolling around 64 countries in Europe and Asia. Experts at Group-IB say these scammers act as legitimate buyers but have the intention to harvest users’ payment data. Notably, cybercriminals rely heavily on Telegram bots for their operation. The scammer gang was the most active during the pandemic.

 Tags

orchard botnet
classiscam
satoshi nakamoto
platformq
exim
klaviyo
open redirect vulnerabilities
cve 2022 37451
logokit
vector advanced encryption standard vaes
microsoft windows 11

Posted on: August 09, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.