Go to listing page

Cyware Daily Threat Intelligence, January 17, 2023

Cyware Daily Threat Intelligence, January 17, 2023

Share Blog Post

The threat of spray-and-pray attacks continues to loom over vulnerable Zoho ManageEngine products owing to CVE-2022-47966. Researchers have announced an imminent PoC exploit. The arbitrary code execution flaw can give a sound hacker complete control over the compromised system. A set of three rogue PyPI packages have once again attempted to disrupt software developers’ work. The packages in question are named colorslib, libhttps, and httpslib. 

Frauds through Google Ads have been making headlines for the past few weeks. Attackers were able to relay an attack on the crypto wallet of an NFT influencer, swindling over $50,000 worth of NFTs and cryptocurrency.

Top Breaches Reported in the Last 24 Hours


Norwegian software maker suffered breach
The servers of DNV, the Norway-based ShipManager software provider that helps manage about 1,000 shipping vessels globally, were knocked offline by a cyberattack. The attack comes amid heightened concerns over the not-so-strong security infrastructure of the global supply chain following the Russia-Ukraine conflict. However, the victim firm claimed there was no harm to any other software or data.

Google Ads malware steals big
An NFT influencer was scammed for over $52,000 worth of NFTs in a phishing attack via malicious Google Ads. He reportedly lost at least 19 Ether ($27,000), a Mutant Ape Yacht Club (MAYC) NFT with the current floor price of 16 ETH ($25,000), and multiple other NFTs. The hacker moved most of the ETH through numerous wallets before sending it for swapping for unknown cryptocurrencies through FixedFloat.

Top Malware Reported in the Last 24 Hours


A trio of fake PyPI packages
A threat actor identifying itself as Lolip0p was spotted dropping three rogue packages to the PyPI repository with an aim to carry out supply chain attacks. The packages, named colorslib (versions 4.6.11 and 4.6.12), libhttps (version 4.6.12), and httpslib (versions 4.6.9 and 4.6.11) are designed to drop malware. The executable downloaded during the infection process is capable of dropping additional binaries.

Geopolitical themes to spread NjRAT
Trend Micro uncovered an ongoing campaign, dubbed Earth Bogle, targeting potential victims in the Middle East and Africa using geopolitical themes. The campaign drops NjRAT malware, which is served through public cloud storage services such as files.fm and failiem.lv. The enclosed malicious file claims to contain a “sensitive” audio file.

Top Vulnerabilities Reported in the Last 24 Hours


Announcement for PoC-release 
Security analysts would soon be releasing the PoC exploit code for a critical flaw that enables remote code execution without authentication in many Zoho and VMware products. The flaw CVE-2022-47966 is due to the use of an outdated and vulnerable third-party dependency, Apache Santuario. The easy-to-abuse flaw is a suitable candidate for cybercriminals conducting spray-and-pray attacks. 

GitHub Codespaces is vulnerable
New research revealed that a feature in GitHub Codespaces could be exploited by threat actors to deliver malware of their choice to a compromised device. Experts at Trend Micro demonstrated a scenario where they could serve malicious content at a rapid rate by exposing ports to the public.

Top Scams Reported in the Last 24 Hours


Smartphone users smashed with smishing
Danish smartphone users were bombarded with cryptic messages from a user who goes by the moniker of “Dansk-game”. It misinforms users about their enrollment to a monthly pay-to-win plan. The URL appended to the SMSs lured them to an infamous website where players can find cracks for popular games.

Hackers leverage mobilization move by Russia
Hackers have turned the fear of mobilization in citizens of Russia into an opportunity to harvest the personal data of individuals. The hackers involved are sending out texts—via Telegram—directing them to an infected site that purportedly contains a list of people who could be sent to fight in Ukraine in the coming months.

 Tags

danish consumers
vmware products
earth bogle
smishing campaign
pypi repository
dnv
google ads
russian mobilization
njrat malware
mutant ape yacht club
lolip0p
github codespaces
zoho manageengine
nft influencer

Posted on: January 17, 2023


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.