Go to listing page

Cyware Daily Threat Intelligence, December 05, 2022

Cyware Daily Threat Intelligence, December 05, 2022

Share Blog Post

A new Malware-as-a-Service (MaaS) platform has come to the notice of security researchers that caters to inexperienced or low-skilled hackers with multiple malicious modules to steal sensitive data and achieve remote access. There are ongoing contracts of nearly 4,000 malware builds for the platform. In another streak, the infamous Lazarus group has unleashed a slew of fraudulent cryptocurrency apps under the made-up brand called BloxHolder. The campaign is camouflaged to drop the AppleJeus malware on users’ devices.

Furthermore, we officially have the ninth Chrome zero-day vulnerability of 2022 reported recently. Google has urged customers to update quickly as they are aware of an exploit for the vulnerability dubbed CVE-2022-4262.

Top Breaches Reported in the Last 24 Hours


French hospital disrupted by attack
A potential cyberattack at a Versailles hospital center, Yvelines (France), led to the postponing of medical operations in the facility. Patients were transferred from ICU and neonatal units. While filing a complaint about the attack, the hospital mentioned an extortion attempt by the cybercriminals.

Dutch party-member data exposed
A security loophole in the app by Dutch political party Forum voor Democratie exposed the personal information of all the 93,000 current and past party members in the public domain. The leak contains the names, addresses, and bank account numbers. Most of the leaked information came from the members in Amsterdam, Rotterdam, The Hague, and Almere.

One more attack on DeFi firm
BNB-based DeFi protocol Ankr was hit by a multi-million dollar exploit. The cyber adversaries purportedly minted 6 quadrillion Ankr Reward Bearing Staked BNB. They swapped the funds using other crypto services and managed to retrieve around $5 million worth of USD Coins.

Top Malware Reported in the Last 24 Hours


DuckLogs: a new emerging MaaS
Cyble research team unearthed a new malware-as-a-service (MaaS) operation, dubbed DuckLogs. Hackers using this malware can steal information, hijack clipboard data, and monitor system controls via remote access. Thousands of criminals have taken a paid subscription to create and launch more than 4,000 malware builds.

Lazarus’ new malware campaign
North Korean threat group Lazarus was seen launching fake cryptocurrency apps under the self-made BloxHolder brand. The group’s motive appears to be deploying the AppleJeus malware for initial access which, in turn, is utilized to penetrate networks and extract crypto assets.?? The new campaign allegedly began in June 2022.

Top Vulnerabilities Reported in the Last 24 Hours


Linux vulnerability in Snap Software
Qualys researchers disclosed details about a new Linux bug tracked as CVE-2022-3328 in Snap software. An adept hacker can chain this bug with two other apparently harmless flaws to achieve root privileges on an affected system. The flaw is a race condition in Snapd, a Snap software tool, and concerns the ‘snap-confine’ program used to construct the execution environment for Snap applications.

Ninth zero-day in Chrome this year
Google warned against a highly critical zero-day described as a type of confusion flaw in the browser’s V8 JavaScript engine. Identified as CVE-2022-4262, the flaw could let a remote attacker potentially exploit heap corruption via a specially crafted HTML page. Hackers exploiting it can execute RCE-based attacks by serving untrusted code from a malicious page.

 Tags

ducklogs
french hospitals
bloxholder
ankr
forum voor democratie
applejeus
snap software
versailles
linux bug
chrome zero day

Posted on: December 05, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.