Go to listing page

Cyware Daily Threat Intelligence, December 02, 2022

Cyware Daily Threat Intelligence, December 02, 2022

Share Blog Post

A new Go-based malware has forayed into the cyber landscape, throwing a new challenge to security experts as it ramps up threats aimed at the users of Redis. The attack exploits a patched critical bug tracked as CVE-2022-0543, which Muhstik botnet has abused earlier in a similar attack. Another malware making the headlines is a spyware framework. Named Heliconia, the malware is likely associated with Variston IT, a company in Barcelona, Spain.

Moving on, researchers claimed to have discovered a first-of-its-kind supply-chain attack vector against internal build servers for IBM Cloud databases. A similar set of flaws were also found to be affecting other popular cloud vendors, such as Microsoft Azure and Google Cloud Platform.

Top Breaches Reported in the Last 24 Hours


Data leak at England’s water supplier
South Staffordshire Water, England, revealed that a ransomware attack in August may have resulted in the exposure of sensitive personal and bank details. Customers who have been paying via debit cards seem to be victims of this attack. The Cl0p ransomware group is a potential suspect in the crime.

South Jersey schools under attack
Schools in Gloucester County, New Jersey, notified parents of a significant breach that has impacted their operations, leading to the cancelation of multiple activities across schools. There’s no clue so far about the involvement of any hacker group, however, the investigation is ongoing.

New Zealand health insurer compromised
A cyberattack crippled the networks of Accuro, a New Zealand-based insurance firm, restricting users' access to core systems. It's unclear what all customer data was exposed to hackers. The company has sent out a message about systems remaining offline for some time and urged everyone to cooperate.

Top Malware Reported in the Last 24 Hours


Go-based Redigo targeted Redis servers
AquaSec security firm spotted a new Go-based malware, dubbed Redigo, launching attacks on Redis servers. The adversaries are exploiting an already patched critical flaw, CVE-2022-0543, in Redis servers. The flaw—CVSS score 10.0—is a Lua sandbox escape flaw that impacts Debian and Debian-derived Linux distributions.

Google shares spyware details
Google TAG uncovered Heliconia, a commercial spyware, designed to exploit flaws in Microsoft Defender security software, and Chrome and Firefox browsers. The malware framework comprises three key components: Heliconia Noise, Heliconia Soft, and Files. Google has urged users to update browsers and software as a defense against exploits.

Top Vulnerabilities Reported in the Last 24 Hours


Buggy mobile apps for cars
Hyundai and Genesis car models were found at risk of remote attacks owing to vulnerabilities in their respective mobile apps named MyHyundai and MyGenesis. Models after 2012 could be remotely hijacked to unlock cars, locate, and even start the engine. The researchers showed a multi-step attack, written in custom Python script, that only needed the target's email address to pursue the attack.

IBM Cloud security hole
Security researchers at Wiz uncovered a flaw in IBM Cloud databases for PostgreSQL. The bug could let an attacker initiate a supply chain attack on cloud customers by abusing their internal IBM Cloud services and disrupting the image-building process. Experts also shared a class of PostgreSQL vulnerabilities that concerns top cloud vendors, including Google Cloud Platform and Microsoft Azure.

Critical bug in Quarkus Java framework
A sensitive bug in the Quarkus Java framework, by Red Hat, could be abused by a threat actor without any privileges, announced Contrast Security researcher Joseph Beeton. The bug, tracked as CVE-2022-4116, was found in the Dev UI Config Editor
and can lead to RCE attacks on affected systems.

Top Scams Reported in the Last 24 Hours


Lilac Wolverine gets with emo
Abnormal Security took the wraps off of a Nigeria-based group Lilac Wolverine that manipulates online users using COVID-19, emotional lures in BEC scams. Most of the targeted email accounts are hosted on AOL, Yahoo, BellSouth, Verizon, and Rogers webmail services. Lilac Wolverine typically requests easily available cards that recipients are likely familiar with, including Amazon, Apple, and Google Play, at amounts ranging from $100 to $500 per request.

 Tags

postgresql database
microsoft azure
redis servers
genesis
accuro
lilac wolverine
redigo
heliconia spyware
rce attacks
hyundai
south staffordshire water
gloucester county
quarkus java

Posted on: December 02, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.