Go to listing page

Cyware Daily Threat Intelligence, December 07, 2022

Cyware Daily Threat Intelligence, December 07, 2022

Share Blog Post

Making its way through a third-party script, a cybercriminal group from Russia infiltrated dozens of e-commerce sites globally to pilfer card data. The issue, as highlighted, was the lack of visibility into the third party’s code, topped with deplorable security practices. Beware of a new malware threat upping its ante against Linux servers and IoT devices. Known as Zerobot, it targets multiple vulnerabilities for initial access to take over devices and has two versions available in the market.

Furthermore, Google issued numerous patches in its December 2022 Android updates. It encompasses security holes across Android Runtime, Framework, Media Framework, System, and Google Play system update components.

Top Breaches Reported in the Last 24 Hours


Chinese hackers target Amnesty International
It is believed that a suspected Chinese threat group breached Amnesty International Canada. The human rights NGO identified the breach in its IT infrastructure in the first week of October. Researchers have not confirmed the leak of any type of data in the incident. An in-depth investigation is ongoing.

A couple of attacks hit New Zealand
New Zealand’s MSP Mercury IT fell victim to a cyberattack. The attack is delicate in nature as it offers its services to many government agencies and businesses. New Zealand's Privacy Commission said the information impacted and the extent of the attack is being studied. Meanwhile, the attack has also compromised a plethora of sensitive data of patients at Te Whatu Ora, a health service in the country.

Belgium city disrupted in new attack
A hacker group sabotaged Antwerp's (Belgium) services by crippling the servers of the city's digital partner Digipolis. The victim firm provides administrative software that extends to services used by citizens, daycare centers, schools, and the police - all of which suffered interference, of one type or the other, in their operations.

Top Malware Reported in the Last 24 Hours


Zerobot - a Linux-based malware
Researchers from FortiGuard Labs disclosed a unique botnet that abuses IoT vulnerabilities. Dubbed Zerobot, the malware contains several modules, such as self-replication and self-propagation. The malware, written in the Go language, can also communicate to its C2 server using the WebSocket protocol. The campaign allegedly began sometime post-mid-November.

Top Vulnerabilities Reported in the Last 24 Hours


Google rolled out 75 patches
December 2022 Android updates received bug fixes for 75 flaws, with CVE-2022-20411 as the most critical among them. It is an RCE bug in Android’s System component that could be exploited over Bluetooth. The company addressed two other high-severity RCE flaws, tracked as CVE-2022-20472 and CVE-2022-20473, in the Framework component.

New Sophos Firewall version is out
Sophos informed its customers about seven vulnerabilities in its Sophos Firewall version 19.5 that has been patched. This includes a critical arbitrary code execution flaw, CVE-2022-3236, which was exploited in September against organizations, especially in South Asia. However, the flaw is not a new one.

Top Scams Reported in the Last 24 Hours


Group X pursues web skimming
JavaScript protection vendor Jscrambler found a web skimming campaign active since last year. The attack campaign has claimed more than 40 e-commerce websites as victims by exploiting a third-party JS library known as Cockpit. Experts say that Russian Group X illegally exported the card data to its server by pulling off supply-chain attacks against the victims.

 Tags

linux systems
amnesty international canada
te whatu ora
zerobot
mercury it
e commerce websites
android patches
sophos firewall
digipolis
group x

Posted on: December 07, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.