Go to listing page

Cyware Daily Threat Intelligence, December 16, 2022

Cyware Daily Threat Intelligence, December 16, 2022

Share Blog Post

Are your devices operating on default credentials? Microsoft has reported about a new botnet threat known as MCCrash that can take over such devices and also boasts a unique spreading mechanism. While the botnet malware can exit from the infected system, it could still persist on unmanaged IoT devices in the network. The world’s largest online community of LEGO fans was found plagued by two vulnerabilities, exposing it to Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks. 

Beware of fake Windows installers! Recently, the government of Ukraine was targeted with malicious ISO files camouflaged as Windows 10 updates. The attack seems like an espionage attempt instead of some financially-motivated intrusion.

For detailed Cyber Threat Intel, click ‘Read More.’

Top Breaches Reported in the Last 24 Hours


Crypto firm suffered third-party incident
Crypto exchange Gemini was targeted in a phishing attack after hackers successfully extracted the personal information of its customers from an unnamed third-party vendor. Security experts found phone numbers and email addresses of its 5.7 million users available for sale on different hacker forums. Customers’ account data and its systems have not been impacted.

Potential breach at Social Blade 
Cybercriminals illegally entered the network of social media analytics platform Social Blade to pilfer critical data which was then put on sale on the dark web. It is assumed that the hackers abused a bug on its website to access the database. Hackers may have stolen email addresses, password hashes, Client IDs, tokens for business API users, and other non-personal and internal data.

Top Malware Reported in the Last 24 Hours


New Agenda ransomware sample
Trend Micro security analysts spotted a sample of the Agenda ransomware written in Rust. The actors seem to have modified the previous ransomware version, originally written in the Go language, for intended victims. Moreover, the Rust variant has also been using intermittent encryption tactics for faster encryption and detection evasion.

MCCrash - New botnet in town
Microsoft unearthed MCCrash, a cross-platform botnet, that is aimed at launching DDoS attacks against private Minecraft servers. The cluster of activity is being tracked as DEV-1028 by the researchers. MCCrash breaks through default credentials on internet-exposed SSH-enabled devices. It is being dropped via fake software downloads by Windows users, however, it can propagate to infect Linux-based devices as well.

Fake Windows 10 installers
The UNC4166 threat group recently targeted Ukrainian government entities via trojanized ISO files imitating legitimate Windows 10 installers. After compromising machines, these files drop several backdoors, such as Stowaway, Beacon, and Sparepart for persistence. The malware are capable of transferring files, stealing records, and executing arbitrary commands.

MirrorStealer by MirrorFace
Hacker group MirrorFace has been targeting Japanese politicians with a new custom malware, dubbed MirrorStealer, for weeks, revealed cybersecurity firm ESET. The info-stealing malware payload was used along with the group’s signature backdoor, LODEINFO. The latter would help in communicating with a C2 server belonging to APT10 infrastructure.

Top Vulnerabilities Reported in the Last 24 Hours


API bugs in LEGO website
Two API security flaws were found in the biggest online LEGO fans community, BrickLink, which has over a million registered members. The first flaw was an XSS bug that can let an attacker execute ill-intent code using a specially crafted link. The second flaw was an XML External Entity (XXE) injection bug leading to an SSRF attack and the leak of AWS EC2 tokens for the server.

Updates for Siemens and Schneider Electric out
Siemens and Schneider Electric issued patches for more than 140 flaws in their December 2022 Patch Tuesday release. An advisory by Seimens discusses patches for more than 80 OpenSSL and OpenSSH vulnerabilities in Scalance X-200RNA switches. In Schneider Electric, a key advisory patches four critical and high-severity bugs in its APC Easy UPS online monitoring software.

 Tags

api security flaw
bricklink service
mirrorface
social blade
gemini
malicious iso files
openssh vulnerability
siemens flaws
lego
siemens scalance x 200rna switches
mccrash
openssl vulnerability
agenda ransomware
mirrorstealer
lodeinfo
schneider electric

Posted on: December 16, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.