After Follina, another critical zero-day has been located in Windows MSDT. It was revealed in the recent Microsoft Patch Tuesday release that witnessed over a dozen other critical bug fixes, including three privilege escalation flaws in Exchange Server. Beware what you extract using the UnRAR utility! The CISA has issued a warning about a path traversal vulnerability in the Linux/UNIX versions of UnRAR. Reports say Zimbra servers are the most likely target.
Hackers emphasized credential stealing by introducing 10 PyPI malicious packages. Security researchers at Check Point warned that the unsuspecting developers installing these packages have risked their software development environment.
Top Breaches Reported in the Last 24 Hours
Breach halts operations at Ski-Doo manufacturer
BRP Inc., a manufacturer of recreational vehicles, has partially suspended its operations in the wake of a cyberattack. The attack could hamper transactions with customers and suppliers, warned officials. It is unclear what all information may have been compromised in the incident.
Top Malware Reported in the Last 24 Hours
Maui ransomware wasn’t alone
Kaspersky revealed its findings regarding the Maui ransomware incident unveiled by CISA last month. The hacker group deployed a variant of the DTrack malware (approximately 10 hours prior) and 3proxy (months earlier) before dropping Maui. The report. Researchers noted that the CISA has extended the list of impacted countries; it includes Japan, India, Vietnam, and Russia.
PennyWise and RedLine in YouTube campaigns
Cyble experts discovered multiple YouTube campaigns spreading PennyWise Stealer and RedLine Stealer malware samples. Hackers lure users by releasing video tutorials on how to install paid software for free. Experts uncovered over 5,000 PennyWise Stealer samples in the last three months.
Android spyware masquerade as Messaging apps
In another study, researchers noted that Bitter APT has been distributing Dracarys Android malware against users in New Zealand, the U.K, India, and Pakistan. The spyware is wrapped in apps posing as Signal, WhatsApp, YouTube, Telegram, and other messaging apps, hosted on various phishing sites.
10 malicious PyPI packages
Check Point outlined ten Python packages mimicking popular software projects through typosquatting and tricking PyPI users into downloading them. These packages were seen exfiltrating users’ credentials. Though the packages were removed, developers were urged to remove them from their systems as they could lay the ground for possible supply chain attacks.?
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft Patch Tuesday fixed MSDT zero-day
Microsoft released 121 as many patches for bugs found in Windows OS and related software. The most severe is a zero-day RCE bug in the Microsoft Support Diagnostics Tool (MSDT). Identified as CVE-2022-34713, it is reportedly a variant of the DogWalk vulnerability. The updates also include fixes for three critical Exchange bugs that are tracked as CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516).
VMware releases exploit code
In an updated advisory, VMware published exploit code for CVE-2022-31656 and CVE-2022-31659 affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. One of the security researchers who identified the issue would be releasing the exploit code this week. Furthermore, VMware has urged its customers to apply the patches immediately.
CISA warning for UnRAR flaw
The CISA is warning against the abuse of a flaw in UnRAR on Linux or UNIX-based systems. Tracked as CVE-2022-30333, the flaw is a path traversal issue that allows an unauthenticated user to write arbitrary code and achieve privilege escalation. Successful exploitation of bugs against Zimbra email servers provides hackers visibility into the email communication.