
Cyware Daily Threat Intelligence, February 09, 2022

February 2022 security updates are here with new improvements and fixes. Let’s start with Microsoft, which has issued patches for around 51 vulnerabilities across its software line-up, including Visual Studio Code, Teams, Windows, Office, and Azure Data Explorer. SAP, on the other hand, has fixed an Internet Communication Manager Advanced Desync (ICMAD) vulnerability, among other security issues, that could have allowed attackers to compromise vulnerable SAP applications. Furthermore, Siemens and Schneider Electric have addressed nearly 50 vulnerabilities discovered in their products.

Now, allow us to draw your attention to a phishing campaign with an unusual twist that is making the rounds on the internet. Threat actors are dusting off a vintage spoofing technique to target Microsoft Office 365 users. The technique, known as Right-to-Left Override (RLO), has been used more than 200 times in the last two weeks to pilfer credentials from victims.
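As an added illustration of the defensive side of the RLO trick described above (this is example code, not part of the original briefing or any vendor tool): the Unicode character U+202E reverses the visual order of everything after it, so a filename such as `invoice_<U+202E>fdp.exe` is displayed as `invoice_exe.pdf` while the operating system still treats it as an `.exe`. The checker below flags attachment names containing bidirectional control characters, reconstructs the name a user would see, and compares the displayed extension with the real one. The sample filenames and the simplified rendering logic (a single RLO run reversed until a Pop Directional Formatting character or end of string) are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Unicode bidirectional control characters that should never appear in an
# attachment name. RLO (U+202E) is the one abused in the campaign described
# above; the others are included because they enable the same visual tricks.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}


@dataclass
class FilenameCheck:
    raw: str                       # name exactly as received
    controls: List[Tuple[int, str]]  # (index, control name) for every bidi control found
    displayed: str                 # approximation of what a mail client would render
    actual_extension: str          # extension the OS will act on
    displayed_extension: str       # extension the user believes they see
    suspicious: bool               # True if any bidi control is present


def find_bidi_controls(name: str) -> List[Tuple[int, str]]:
    """Return the position and name of every bidi control character in the string."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def approximate_display(name: str) -> str:
    """Simplified rendering: an RLO reverses the run that follows it until a
    PDF (U+202C) or the end of the string. Other controls are dropped. This is an
    assumption adequate for the single-override filenames seen in such lures;
    a full implementation would apply the Unicode Bidirectional Algorithm."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def extension_of(name: str) -> str:
    """Lowercase extension after the last dot, ignoring control characters."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def check_attachment_name(name: str) -> FilenameCheck:
    """Inspect one attachment filename for right-to-left override spoofing."""
    controls = find_bidi_controls(name)
    displayed = approximate_display(name)
    return FilenameCheck(
        raw=name,
        controls=controls,
        displayed=displayed,
        actual_extension=extension_of(name),
        displayed_extension=extension_of(displayed),
        suspicious=bool(controls),
    )


def flag_attachments(names: List[str]) -> List[FilenameCheck]:
    """Return only the names that should be quarantined or reviewed."""
    return [r for r in (check_attachment_name(n) for n in names) if r.suspicious]


if __name__ == "__main__":
    # Constructed sample attachment names: one benign, one using the RLO trick.
    samples = ["report.pdf", "invoice_\u202efdp.exe"]
    for result in flag_attachments(samples):
        print(f"flagged: displayed as {result.displayed!r}, real extension "
              f".{result.actual_extension}, controls at {result.controls}")
```

The `displayed` field is only an approximation, but the `controls` list is exact: any bidirectional control character inside a filename is a strong enough signal on its own to quarantine the message, regardless of how the name would finally render.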

Top Breaches Reported in the Last 24 Hours

FCDO suffers a security incident
The U.K. Foreign Office was the target of a serious cybersecurity incident. According to the report, attackers infiltrated Foreign, Commonwealth and Development Office (FCDO) systems. The government has since removed tender documents relating to the incident from its website.

Top Malware Reported in the Last 24 Hours

RedLine stealer malware spotted
Threat actors are using fake Windows 11 upgrade installers to trick users into downloading the RedLine stealer malware. The malware is currently being used to pilfer passwords, browser cookies, credit card details, and cryptocurrency wallet information. According to researchers, the attackers are using a seemingly legitimate ‘windows-upgraded.com’ domain for the malware distribution as part of their campaign.

Gold Dragon campaign
A new wave of attack campaigns from the Kimsuky hacking group has been found delivering a custom backdoor malware dubbed Gold Dragon. Gold Dragon is a second-stage backdoor that establishes persistence on the victim’s system. Furthermore, it helps the attackers install the xRAT tool to manually steal sensitive data from the targeted system.  

New Marlin backdoor
A new backdoor dubbed Marlin has been associated with a long-running espionage campaign named Out to Sea that started in April 2018. The malware is a new addition to the arsenal of the OilRig (aka APT34) threat actor group. Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft rolls out security updates
Microsoft has rolled out security updates for 51 vulnerabilities found in Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as the Kernel and Win32k. Fifty are rated ‘Important’ and one is rated ‘Moderate’. Nineteen of these flaws are addressed in the Chromium-based Edge browser.

SAP patches ICMAD flaws
SAP has published a group of 19 security notes covering a range of security vulnerabilities. Three of these flaws are related to Log4j and carry a CVSS score of 10. One of these vulnerabilities, dubbed ICMAD, affects Onapsis and can allow attackers to carry out malicious actions against SAP users, business information, and processes.

ICS patch Tuesday from Siemens
Siemens and Schneider Electric have released a total of 15 advisories to address nearly 50 vulnerabilities discovered in their products. Twenty-seven of these vulnerabilities affect Siemens products; the most important of these is tracked as CVE-2021-45106 and is rated ‘Critical’. Schneider Electric has issued advisories for 20 vulnerabilities.

Jenkins fixes vulnerabilities
Jenkins has released fixes for two vulnerabilities that could be exploited to cause DoS conditions. The flaws, tracked as CVE-2022-0538 and CVE-2021-43859, affect Jenkins versions prior to 2.333 and LTS 2.319.2, respectively.

Mozilla fixes multiple flaws
Mozilla has patched a dozen security vulnerabilities in version 97 of the Firefox browser. The two most important ones are tracked as CVE-2022-22753 and CVE-2022-22754 and are classified as ‘High’. They can be exploited to run arbitrary code.

Adobe issues updates
Adobe has issued updates for 13 CVEs affecting Premiere Rush, Illustrator, Photoshop, After Effects, and Creative Cloud Desktop. Of these 13 vulnerabilities, five are rated ‘Critical’. Successful exploitation could lead to application DoS, arbitrary code execution, privilege escalation, and memory leaks.


Posted on: February 09, 2022

