Go to listing page

Cyware Daily Threat Intelligence, December 06, 2022

Cyware Daily Threat Intelligence, December 06, 2022

Share Blog Post

Minutes before the Pwn2Own event, NETGEAR and TP-Link issued a security fix for devices that were to be included in the bug-finding contest. According to sources, the firewall restrictions in place to determine IPv4 traffic’s access restrictions lie down on the job when it comes to the IPv6 WAN interface. Meanwhile, ransomware toolkit Cryptonite was used by a slew of cybercriminals to build a malware sample that lacked decryption capabilities and eventually behaved as a wiper malware.

That’s not it. A cybersecurity research group uncovered a persistent SIM swapping act by Scattered Spider to pilfer user credentials employed at telecoms and Business Process Outsourcing (BPO) firms.

Top Breaches Reported in the Last 24 Hours


COVID-relief funds robbed of $20 million
Chinese APT group APT41 bilked at least $20 million from US COVID-relief funds, revealed Secret Service. The campaign took off in mid-2020 and carried out more than 40,000 financial transactions affecting 2000 accounts. Hackers targeted SBA loans and unemployment insurance funds across more than 12 states.

Team Mysterious Bangladesh
Threat actor group, dubbed Team Mysterious Bangladesh, announced to have compromised the systems of the Indian Central Board of Higher Education (CBHE). Hackers allegedly leaked PII, including Aadhaar numbers, Indian Financial System Codes (IFSC codes), and other details of individuals. The impacted database contains student data from 2004 to 2022.

50GB Israeli data on sale
VPNMentor security experts found a group of hackers offering nearly 50GB of data for sale on a couple of online forums and a Telegram channel. An investigation into the incident revealed that the data belongs to 29 Israeli firms that provide logistics services, transportation, and freight forwarding services. Hackers may have exploited a software provider as a single point of failure.

Top Malware Reported in the Last 24 Hours


CryWiper pose as ransomware
A new data wiper malware known as CryWiper was seen ??disguising itself as a ransomware strain to extort money from victims. The attack campaign targets Russian government agencies, including the mayor's offices and courts. It is a C++-based malware programmed to establish persistence via a scheduled task and communicate with a C2 server.

New version of Cryptonite malware tool
Researchers at Fortinet unearthed a malware sample that was developed using a version of the open-source ransomware toolkit Cryptonite. However, the researchers don’t believe it to be a potential threat owing to its encryption and decryption capabilities. Hackers reportedly used the Fernet module of the cryptography package to encrypt files.

Warning against Cuba ransomware
In a new advisory, the CISA and the FBI alarmed organizations and users against a spike in attack attempts by the Cuba ransomware group. The ransomware brings expertise in double extortion attacks. As per data, attackers have crippled over 100 victims globally and demanded more than $145 million in ransom payments. So far, they received $60 million from their extortion demands.

Top Vulnerabilities Reported in the Last 24 Hours


Program-crashing bug in FreeBSD
FreeBSD creators rolled out a security fix within its ping module that, if exploited, could crash it or even trigger remote code execution. The bug, tracked as CVE-2022-23093, affects all supported versions of FreeBSD. Furthermore, the FreeBSD-based OPNsense software was patched to resolve the security issue, among other issues.

Routers receive critical fix
Cybersecurity firm Tenable laid out details related to a patch for NETGEAR and TP-Link routers. NETGEAR has located a flaw in one of its Nighthawk WiFi6 router models saying that the firewall restrictions to determine IPv4 traffic’s access restrictions don’t work for the IPv6 WAN interface. Hence, any user can gain random access to a service running on the device and can infiltrate IPv6.

Top Scams Reported in the Last 24 Hours


SIM swapping activity spotted
CrowdStrike Services studied an intrusion campaign against telecommunications and Business Process Outsourcing (BPO) firms by a novel attack group, dubbed Scattered Spider. Criminals target victims via social engineering techniques, such as phone calls, Telegram messages, or impersonating IT personnel. Their objective is to steal user credentials or install malicious programs for further damage.

 Tags

crywiper
apt41
covid relief fund
netgear
tp link
cryptonite
sim swapping
team mysterious bangladesh
central board of higher education cbhe
freebsd
israeli firms
cuba ransomware
ipv6 wan
nighthawk wifi6 router model

Posted on: December 06, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.