Go to listing page

Cyware Daily Threat Intelligence, January 10, 2023

Cyware Daily Threat Intelligence, January 10, 2023

Share Blog Post

Exposing cloud-based container clusters to the Internet without proper security measures is like a red carpet rolled down to welcome attackers. Lately, operators behind the Kinsing cryptocurrency malware were seen targeting Kubernetes clusters via misconfigured PostgreSQL servers and vulnerable images. In other news, an unusual Magecart activity has been traced by researchers. Here, cyber adversaries have used a crypto-inspired theme to steal card data as opposed to other threat actors who generally pick domain names after third-party libraries or Google Analytics.

Also, a high-severity bug was reported in much popular JsonWebToken, the open-source project developed and maintained by Okta Auth0. The vulnerability impacts versions prior to 9.0.0.

Top Breaches Reported in the Last 24 Hours

Kansas-based healthcare facility breached
Captify Health, Kansas, is informing nearly 244,300 individuals—who underwent an intestinal probe since 2019—about a sensitive breach. A hacking incident at a third-party vendor allegedly risked the personal and payment card information of victims for more than three years, from May 26, 2019, to April 20, 2022.

Hackers infiltrated SF’s BART
The Vice Society ransomware group claimed to have compromised the networks of San Francisco’s Bay Area Rapid Transit (BART) - the fifth-busiest heavy rail rapid transit system in the U.S. Officials stated that “no BART services or internal business systems have been impacted.” It is investigating the stolen data posted by the group on its leak site.

Serbia ministry targeted by DDoS attack
At least five separate DDoS attacks were launched against the Serbian Ministry of the Interior in a span of 48 hours with an aim to cripple its infrastructure. The cyberattacks, most probably, came amid rising tensions in the Balkans in the wake of the Russian invasion of Ukraine.

Top Malware Reported in the Last 24 Hours

Kinsing malware targets Kubernetes
Microsoft researchers detected a Kinsing cryptojacking operation trying to gain initial access to Kubernetes environments by abusing weakly configured PostgreSQL containers and exploiting vulnerable images. Vulnerable applications running PHPUnit, Liferay, WebLogic, and WordPress were exploited by hackers.

Cryptocurrency theme for skimming
Malwarebytes Labs Threat intelligence team unearthed a skimmer campaign hosted on DDoS-Guard hosting provider and targeting e-commerce sites and their customers. It uses the 'Mr.SNIFFA' framework and deploys a never-before-seen crypto-inspired theme for scams, malware distribution sites, Bitcoin mixers, and more. 

Top Vulnerabilities Reported in the Last 24 Hours

Serious flaw in jsonwebtoken library
A critical security hole was reported in the jsonwebtoken (JWT) open-source library. Identified as CVE-2022-23529, cybercriminals could execute RCE attacks on a targeted server via a maliciously crafted JSON web token (JWT) request. The exploitation of the flaw leads to the breach of confidentiality and integrity guarantees by enabling a bad actor to overwrite arbitrary files.

Top Scams Reported in the Last 24 Hours

Facebook-based scam to extract credentials
Check Point’s Avanan uncovered an attack campaign wherein hackers approach potential victims with Facebook copyright infringement notices to harvest their account credentials. The phishing email informs users that their Facebook account has been revoked and they have 24 hours to make an appeal.


fake copyright infringement notice
phishing emails
kinsing malware
vice society ransomware
facebook scam
ministry of the interior
captify health
bay area rapid transit san francisco

Posted on: January 10, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.