Cyware Daily Threat Intelligence, January 12, 2023

Researchers warned of yet another sensitive bug impacting Chrome and Chromium-based browsers that could let an attacker steal files containing confidential data. Abuse of the bug, dubbed SymStealer, could lead to sensitive data access, such as crypto wallets and cloud credentials. Meanwhile, an Asus router model was found to contain three critical vulnerabilities, one of which, with a CVSS score of 9.0, poses a threat to the administrative rights of the targeted device.

That’s not all. Security analysts unearthed a ransomware attack campaign wherein hackers stayed hidden in the targeted network for five months before moving laterally to infect more systems and steal data.

Top Breaches Reported in the Last 24 Hours


Social marketplace suffers data exposure
Social commerce website trustanduse[.]com inadvertently laid bare users’ personal and business information via an 855GB database for at least six months. The leak concerned sensitive data of users, including usernames, full names, phone numbers, Facebook IDs, and hashed passwords of 439,000 users.

PII and PHI compromised
A cybercriminal gained unauthorized access to the Bay Bridge Administrators’ network compromising both the PII and PHI of nearly 250,000 individuals. The affected data includes names, addresses, birth dates, SSNs, driver’s license numbers, and medical and health insurance information of clients.

Operation at Royal Mail interrupted
Customers of the U.K.’s Royal Mail were requested to stop sending parcels and letters internationally owing to a cyberattack. The postal service faced temporary disruption in dispatching customers’ items. It hasn’t revealed the nature of the incident.

Top Malware Reported in the Last 24 Hours


Lorenz ransomware abuses Mitel devices
Security experts at S-RM revealed that Lorenz ransomware attackers exploited a severe vulnerability in Mitel telephony infrastructure to move laterally, harvest data, and encrypt systems. According to the report, the attackers waited for five months before taking over the victim's network.

Raspberry Robin’s deep dark secret
A new analysis of Raspberry Robin by cybersecurity firm SEKOIA found that threat actors can repurpose its command-and-control (C2) infrastructure to infect more servers. The operators used compromised QNAP NAS devices, reached through domain names, as the first C2 level, where they serve as a validator and forwarder. These initially compromised servers act as forward proxies to the next, as-yet-unknown tier.

Top Vulnerabilities Reported in the Last 24 Hours


12 security updates by SAP
SAP rolled out 12 new and updated security notes under January 2023 Security Patch Day. The release includes seven ‘hot news’ notes, which cover the most severe vulnerabilities. An SQL injection bug in Business Planning and Consolidation MS lets a hacker read, delete, or modify data. The bug has a CVSS score of 9.9 and is tracked as CVE-2023-0016.

Server takeover bug in SugarCRM
A high-severity vulnerability in SugarCRM was being exploited by hackers to inject malware onto users’ devices. Successful exploitation of the flaw gives a hacker control over victims’ servers. Researchers have made hotfixes available for the flaw, which was a zero-day when the exploit code was posted online.

SymStealer flaw patched
A security flaw in Google Chrome and Chromium-based browsers that could allow the theft of sensitive files has been addressed by security experts. The issue, dubbed SymStealer, originated from the way the browser interacted with symlinks while processing files and directories. The medium-severity issue is tracked as CVE-2022-3656.

Buggy Asus routers
Cisco Talos released technical information on three critical bugs impacting Asus RT-AX82U routers, a Wi-Fi 6 gaming router. The most severe bug among those is an authentication bypass flaw exploitable via a series of specially crafted HTTP requests. It could be exploited to gain administrative access to a device.

Posted on: January 12, 2023

