Cyware Daily Threat Intelligence, January 04, 2023

ProxyNotShell threats are far from over. Nearly 60,000 Exchange servers were found vulnerable to CVE-2022-41082, one of the two ProxyNotShell flaws. That said, the number of vulnerable servers has dropped, though not significantly, compared to mid-December’s count. Speaking of security holes, Qualcomm issued patches to fix five bugs that also affect some Lenovo models and could be abused to expose sensitive data and cause memory corruption.

The malware landscape has also gained a new threat, as disclosed by the ASEC team. Researchers came across a new shell script compiler (shc)-based malware downloader that could install the XMRig miner on compromised systems.

Top Breaches Reported in the Last 24 Hours


Deezer exposes data of 200 million users
RestorePrivacy broke the news about a massive breach incident at music-streaming service Deezer. The hack, however, reportedly occurred at one of Deezer’s third-party service providers in 2019. The incident has resulted in the exposure of the personal data of over 200 million users.

LockBit hits Wabtec Corporation
U.S. rail and locomotive company Wabtec Corporation revealed it suffered a data breach in a LockBit ransomware attack. The organization has confirmed the leak of sensitive data, which was later posted on the threat actor’s leak site. The hackers published the link to the stolen data after their extortion attempt failed.

Volvo Cars reported network intrusion
A hacker has put up data stolen from Swedish vehicle manufacturer Volvo Cars for sale on a hacker forum. The firm fell victim to a ransomware attack by the Endurance ransomware group, which emerged around November last year. The actor is offering the data to interested buyers for $2,500 in Monero cryptocurrency.

Top Malware Reported in the Last 24 Hours


An shc downloader malware
The ASEC analysis team uncovered a new shell script compiler (shc)-based Linux malware dropping the XMRig miner on compromised systems. The attackers carried out the campaign through a dictionary attack on mismanaged Linux SSH servers. An attack chain spotted in the campaign included both the shc downloader malware and a Perl-based DDoS IRC bot.

Top Vulnerabilities Reported in the Last 24 Hours


Thousands of Exchange servers are vulnerable
The infamous RCE vulnerability CVE-2022-41082, aka the ProxyNotShell bug, is back in the headlines as researchers revealed that approximately 60,000 Exchange servers are yet to be patched against the threat. Successful exploitation of the bug allows adversaries to escalate privileges and gain arbitrary code-writing access on compromised servers.

Multiple bugs in Qualcomm chips
Researchers disclosed five bugs in Qualcomm chipsets that also affect Lenovo ThinkPad X13s laptops. The bugs, identified as CVE-2022-40516 through CVE-2022-40520, are memory corruption and information disclosure (due to a buffer over-read in Core) issues. Lenovo has released BIOS updates to patch the bugs.

Posted on: January 04, 2023