Go to listing page

Cyware Daily Threat Intelligence, January 16, 2023

Cyware Daily Threat Intelligence, January 16, 2023

Share Blog Post

Warnings you must not miss! The CISA has released a number of advisories to warn organizations about multiple ICS flaws affecting products from Sewio, Sauter Controls, InHand Networks, and Siemens. The vulnerabilities could be abused for a range of threats - privilege escalation, arbitrary code execution, command injection, information disclosure, and more. Moreover, if you use the Cacti device monitoring tool, pay extra caution as your device could be vulnerable to a high-severity command injection flaw.

The VPN market has exploded greatly in the last few years and so has the abuse of VPN technologies by cyber adversaries. Security researchers discovered a malware campaign (started in May 2022) that delivered a spyware called EyeSpy, along with the VPN product.

Top Breaches Reported in the Last 24 Hours


Canada’s largest alcohol retailer suffers breach
The Liquor Control Board of Ontario (LCBO) disclosed a security breach by an unknown skimmer group. Customers who accessed its payment page between January 5, 2023, and January 10, 2023, may have had their sensitive data, such as credit card information, compromised. The attack forced authorities to take the website and mobile app offline.

UFED provider firm hacked
An unknown actor allegedly leaked a trove containing 1.7 GB of data pertaining to Israeli mobile forensics firm Cellebrite. The company offers services to law enforcement and intelligence agencies to help unlock and access data on mobile devices. Along the same lines, Swedish forensics firm MSAB also suffered a leak by the same actor.

Top Malware Reported in the Last 24 Hours


VPN installers bringing Iranian spyware
Bitdefender security analysts stumbled across a malware threat campaign dropping EyeSpy spyware. It is originally considered to be a part of a monitoring application called SecondEye. The campaign appears to have begun in May last year from Iran, with infections detected across Germany and the U.S.

Free decryptor for BianLian out
Avast rolled out a free decryptor for the victims of BianLian ransomware. The cybercriminal group breached multiple high-profile organizations last year. The decryption tool will only help victims targeted by a known variant of the BianLian ransomware. 

Top Vulnerabilities Reported in the Last 24 Hours


Exposed device monitoring tool
Code quality and security firm SonarSource reported at least 1,600 instances of the exposed Cacti device monitoring tool. These devices are being targeted by hackers owing to a critical command injection flaw tracked as CVE-2022-46169. To infect these devices, the exploits install botnets, such as Mirai malware and IRC botnet. The more recent attacks were observed only checking for the vulnerability, instead of running port scans as seen in earlier exploitation attempts.

CISA alerts against multiple ICS bugs
Critical security vulnerabilities concerning ICS from Sewio, Sauter Controls, InHand Networks, and Siemens are posing a variety of threats to respective devices. As per CISA, the bug in Sewio's RTLS Studio is the most severe issue; hackers could abuse it to illegally access the server, modify content, trigger a DoS condition, execute arbitrary code, and gain elevated access.

 Tags

cacti
secondeye
inhand networks
siemens flaws
cellebrite
sauter controls
liquor control board of ontario lcbo
msab
bianlian ransomware
eyespy
sewio rtls studio

Posted on: January 16, 2023


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.