Go to listing page

Cyware Daily Threat Intelligence, December 13, 2022

Cyware Daily Threat Intelligence, December 13, 2022

Share Blog Post

Another actively exploited bug was reported in the last 24 hours. The critical bug in FortiOS SSL-VPN urges your utmost attention as it has already been exploited in one instance. For its mitigation, Fortinet has advised disabling SSL-VPN. Meanwhile, a rather harmful spying activity was noticed in an app downloaded by thousands of iPhone and Android users across the globe. Named Xnspy, the app behaved as stalkerware and followed poor cyber hygiene, thereby leaking victims' data. 

Now zero days in Endpoint Detection & Response (EDR) and antivirus products pose a different level of threat altogether. A researcher has singled-out vulnerabilities in products from several top vendors.

Top Breaches Reported in the Last 24 Hours


Uber spilled sensitive data
Uber had its employee data, corporate reports, and other data impacted, owing to a third-party breach. The incident came to light after a threat actor published the data allegedly stolen from Uber and Uber Eats on a hacker forum. The third-party vendor that suffered a network breach is Teqtivity, an asset management and tracking service provider.

Hive in Knox College networks
Students at Knox College, Illinois, received an email claiming to be from the Hive ransomware group. With the email, hackers claimed to have severely impacted the critical infrastructure and stolen data from the college’s backup servers to access sensitive personal information such as medical records and SSNs. The threatening email read “In less than 24 hours, your data will be leaked on our site.”

LockBit takes a major bite
California’s Department of Finance fell victim to a ransomware operation by the LockBit group. Hackers may have fled away with 76 GB of data. They have given the agency a December 24 deadline to cough up a ransom or face the consequences in the form of data exposure. The group has posted seven screenshots containing internal documents and a file directory for other stolen files.

Top Malware Reported in the Last 24 Hours


Xnspy: a stalkerware in disguise
More than 60,000 Android and thousands of iPhone device owners had their data stolen after they downloaded an activity monitoring app. The malicious app, known as Xnspy, was explicitly marketed for spying on domestic partners’ devices or a spouse without their knowledge or permission. Several flaws in the app blurted out credentials and private keys left unattended by the developers.

Typosquatting hits Py and Js developers
A hacker was observed typosquatting well-known PyPI packages to infect developers with payloads written in Go language. This could lead to a new software supply chain attack. Researchers revealed that the plan was to infect victims with ransomware strains and instruct the victim to open a ‘readme’ file as they impersonate the CIA.

A ransomware trio targets Windows
According to Fortinet, three new (typical) ransomware families, named Aerst, ScareCrow, and Vohuk, are being increasingly used in attacks. The core target of the malware infection remains users in Germany and India. Experts have jotted down some similarities between ScareCrow and Conti, suggesting the former’s developer might have referred to the leaked Conti source code.

Top Vulnerabilities Reported in the Last 24 Hours


Fortinet’s emergency patch
Fortinet has urged its customers to patch a critical severity security flaw in its FortiOS SSL-VPN product. The flaw, identified as CVE-2022-42475, is a heap-based buffer overflow vulnerability that an unauthenticated attacker can abuse to execute arbitrary code, especially via crafted requests. As per the claim, the company is aware of this flaw being exploited in the wild.

Zero days give birth to wiper tools
SafeBreach Labs uncovered several security zero-day flaws in EDR and antivirus products that could be exploited to create next-gen data wipers. For instance, a researcher could abuse the flaws to delete arbitrary files and directories on the compromised systems, while rendering the machine inoperable.

 Tags

wiper tools
knox college
teqtivity
fortios ssl vpn
uber eats
xnspy
vohuk ransomware
uber app
lockbit gang
aerst ransomware
stalkerware
department of finance
pypi packages
zero day flaws
scarecrow ransomware

Posted on: December 13, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.