Go to listing page

Cyware Daily Threat Intelligence, January 02, 2023

Cyware Daily Threat Intelligence, January 02, 2023

Share Blog Post

Welcome to 2023! Cyware wishes you a sparkling New Year :)

A doppelganger of a PyTorch dependency was seen in the wild that could have led to system compromise by actors pulling off attacks through the dependency confusion attack vector. Meanwhile, a Linux malware variant is posing threat to users via vulnerabilities in more than two dozen WordPress plugins and themes. Website users are recommended to keep their web app components up-to-date.

Moving on, the CISA listed a couple of actively exploited bugs related to TIBCO JasperReports products. The first one is an information disclosure bug in the server component, and the other is a directory traversal flaw in its library.

Top Breaches Reported in the Last 24 Hours


Hackers target community college 
Bristol Community College fell victim to a ransomware attack that impacted its internet-related communication systems, such as email and Teams, and rendered shared documents inaccessible for students and employees. Students and staff were asked to consider changing their credentials.

Medical data lay exposed
A report by Jama Network stumbled across the medical information of approximately 42 million Americans being offered on underground marketplaces, since 2016. The study analyzed trends in ransomware attacks on U.S. healthcare institutions between 2016 and 2021. The number of attacks in that period has also doubled, noted experts.

Top Malware Reported in the Last 24 Hours


Malicious PyTorch dependency
PyTorch team has identified a malicious dependency within its framework library. The package was the homonym for the torchtriton dependency. Exploiting it, a hacker could successfully trigger dependency confusion attacks, compromising multiple systems. PyTorch admins advised users to uninstall the counterfeit framework.

Unnamed Linux malware
An unprecedented strain of Linux malware was detected by security vendor Doctor Web. It abuses bugs in over two dozen plugins and themes for WordPress sites. The malware injects JavaScript code—called from a remote server—and redirects visitors to an arbitrary website of the threat actor’s choice.

BlackCat’s new tactic
The ALPHV/BlackCat ransomware group experimented with a new extortion tactic. It erected a copied site for one of its victims and published the stolen data on it. The victim firm, which is in the financial services industry, apparently did not bend down to the threat actor’s demands.

Top Vulnerabilities Reported in the Last 24 Hours


CISA lists JasperReports bugs
The CISA added two-year-old security flaws impacting TIBCO Software’s JasperReports products to its list of most exploited vulnerabilities catalog. The flaws tracked as CVE-2018- 5430 and CVE-2018-18809, are related to information disclosure and directory traversal issues, respectively.

 Tags

linux malware
wordpress sites
blackcat ransomware
pytorch
jasperreports
bristol community college

Posted on: January 02, 2023


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.