Go to listing page

Cyware Daily Threat Intelligence, February 02, 2022

Cyware Daily Threat Intelligence, February 02, 2022

Share Blog Post

The malware landscape frequently witnesses new entrants and updates to existing tools in the arsenals of cybercriminals. This time, BazarLoader appeared in a new campaign that spread using malicious CSV files. Meanwhile, the new Mars Stealer, which allegedly took inspiration from the defunct Oski malware, steals data from web browsers and cryptocurrency wallets.

Coming to new threats, researchers discovered 23 vulnerabilities in UEFI firmware made by InsydeH2O. Millions of devices from Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer are impacted by these vulnerabilities. In the last 24 hours, we also got a warning from the FBI regarding cybercriminals exploiting security weaknesses on job recruitment websites by posting fake job postings to steal information and money.


Top Breaches Reported in the Last 24 Hours

British Council leaks data
An unsecured Microsoft Azure blob belonging to British Council revealed student names, IDs, usernames and email addresses, and other personal information. More than 100,000 files with student records were found exposed online.

Palestinian targets under attack
Cisco Talos researchers uncovered a wave of attacks starting around October 2021, targeting Palestinian organizations and activists through political lures with an aim to infect them with a malware dubbed Micropsia. The attacks are part of a broader campaign, dating back to 2017, connected to a group known as Arid Viper.


Top Malware Reported in the Last 24 Hours

BazarLoader uses new tactics
Security researcher Chris Campbell found a new phishing campaign infecting victims with the BazarLoader (BazarBackdoor) trojan through malicious CSV files. The phishing emails pretend to be "Payment Remittance Advice" with links to attacker-controlled sites that download the CSV files.

New Mars Stealer spotted
A new malware named Mars Stealer was discovered in the wild. Researchers surmise it to be a redesign of the Oski malware that shut down development abruptly in 2020. Mars Stealer can steal data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.


Top Vulnerabilities Reported in the Last 24 Hours

Chrome gets an update
Google released Chrome 98 which addresses a total of 27 security vulnerabilities. Of the 19 flaws reported by external researchers, eight are high severity, 10 are considered medium severity, and one is low risk. The most important of these issues are CVE-2022-0452 and CVE-2022-0453, two use-after-free bugs in safe browsing and reader mode, respectively.

Major UEFI firmware vulnerabilities
Researchers from Binarly discovered 23 vulnerabilities in UEFI firmware made by InsydeH2O. Most of these flaws stem from the System Management Mode (SMM) that provides system-wide functions such as power management and hardware control. The firmware is used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

ESET addresses high-severity flaws
ESET issued patches for a local privilege escalation vulnerability, tracked as CVE-2021-37852,  impacting its Windows clients. The flaw affects multiple versions of ESET NOD32 Antivirus, Internet Security, Smart Security and Smart Security Premium, Endpoint Antivirus and Endpoint Security for Windows, Server Security and File Security for Windows Server, Server Security for Azure, Security for SharePoint Server, and Mail Security for IBM Domino and for Exchange Server.


Top Scams Reported in the Last 24 Hours

Fake job listings grow
The FBI issued a public service announcement warning that cybercriminals are exploiting security weaknesses on job recruitment websites to post fake job postings. These listings aim to trick applicants into providing their personal information or money. 


 Tags

british council
mars stealer
arid viper
bazarloader
eset
local privilege escalation
uefi firmware
oski trojan
insydeh2o
micropsia
fake job postings

Posted on: February 02, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.