
Cyware Daily Threat Intelligence, January 19, 2023


Failure to patch systems with known vulnerabilities and available fixes remains a key problem. For instance, roughly 6% of internet-facing Sophos Firewalls can still be exploited through a critical vulnerability the vendor fixed last month, leaving those organizations exposed to RCE attacks. Meanwhile, Kaspersky reported that the Roaming Mantis campaign has gained a DNS changer function: by rewriting the DNS settings of a compromised Wi-Fi router, the attackers can redirect the traffic of every device connected to it.

Malware authors innovate once again. A new Android banking trojan, dubbed Hook, is expected to spread through phishing campaigns, Telegram channels, or dropper apps posing as Google Play Store listings, warned researchers at ThreatFabric.

Top Breaches Reported in the Last 24 Hours

Hundreds of Mailchimp users impacted
Customers of the popular email marketing and newsletter service Mailchimp had sensitive records exposed in a data security incident. Attackers socially engineered Mailchimp employees and contractors to gain access to an internal customer support and account administration tool, and used it to pull data on 133 customer accounts.

Operations halted at 300 U.K. fast-food restaurants
American company Yum! Brands fell victim to a ransomware attack that forced it to temporarily close nearly 300 fast-food restaurants in the U.K. The company said the attack affected “certain information technology systems” and that data was taken from its network. So far, there is no evidence that customer data was stolen.

Credential stuffing hits 35,000 PayPal users 
PayPal sent breach notifications to approximately 35,000 users after credential stuffing attacks exposed their personal data. The attackers logged into the accounts with valid username and password pairs, i.e. credentials reused by the victims and leaked elsewhere, rather than by exploiting a flaw in PayPal itself. The exposed data includes full names, addresses, SSNs, individual tax identification numbers, and more.
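Credential stuffing leaves a distinctive footprint in authentication logs: one source walks through many different accounts with a low success rate, which is not what a human user does. The following detector, an added example that is not part of the original post and uses a constructed log sample rather than PayPal data, flags source IPs that attempt logins against many distinct accounts within a short window, and then lists the accounts that had a successful login from such a source (the users who would need notification and a forced reset). The log format and thresholds are assumptions for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real PayPal data). One event per line:
#   <ISO-8601 timestamp> <event> user=<account> ip=<source address> result=<ok|fail>
SAMPLE_LOG = """\
2023-01-18T10:00:01Z login user=alice ip=203.0.113.7 result=fail
2023-01-18T10:00:02Z login user=bob ip=203.0.113.7 result=fail
2023-01-18T10:00:03Z login user=carol ip=203.0.113.7 result=ok
2023-01-18T10:00:04Z login user=dave ip=203.0.113.7 result=fail
2023-01-18T10:00:05Z login user=erin ip=203.0.113.7 result=ok
2023-01-18T10:00:06Z login user=frank ip=203.0.113.7 result=fail
2023-01-18T10:00:07Z login user=grace ip=203.0.113.7 result=fail
2023-01-18T10:05:00Z login user=alice ip=198.51.100.2 result=fail
2023-01-18T10:05:30Z login user=alice ip=198.51.100.2 result=ok
2023-01-18T11:30:00Z login user=heidi ip=192.0.2.9 result=ok
"""


def parse_line(line):
    """Parse one log line into a dict with a datetime 'ts' plus the key=value fields."""
    ts, event, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event, **fields}


def detect_credential_stuffing(log_text, min_accounts=5, window=timedelta(minutes=10)):
    """Return {ip: set_of_accounts} for every source IP that attempted logins against
    at least `min_accounts` distinct accounts inside some `window`-long interval.

    A human reuses one or two accounts; a stuffing bot walks a list of leaked
    username/password pairs, so the signal is the number of *distinct* accounts
    per source, not the number of failures (valid pairs succeed on the first try).
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["event"] == "login":
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        in_window = Counter()  # account -> attempts currently inside the sliding window
        start = 0
        for ev in events:
            in_window[ev["user"]] += 1
            # Advance the window start until the window spans at most `window`.
            while ev["ts"] - events[start]["ts"] > window:
                old = events[start]["user"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts:
                flagged[ip] = {e["user"] for e in events}
                break
    return flagged


def compromised_accounts(log_text, flagged):
    """Accounts that had a *successful* login from a flagged source: the users to
    notify and force through a password reset."""
    hits = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["event"] == "login" and ev["ip"] in flagged and ev["result"] == "ok":
            hits.add(ev["user"])
    return hits


if __name__ == "__main__":
    suspicious = detect_credential_stuffing(SAMPLE_LOG)
    print("stuffing sources:", suspicious)
    print("accounts to reset:", compromised_accounts(SAMPLE_LOG, suspicious))
```

On the sample, 203.0.113.7 touches seven accounts in six seconds and is flagged, while the user who mistypes a password once from 198.51.100.2 is not. In production the threshold must account for shared egress addresses (corporate NAT, mobile carriers), which is why the distinct-account count is combined with a time window rather than applied over the whole day.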

Top Malware Reported in the Last 24 Hours

Roaming Mantis’ new approach
The operators of Roaming Mantis were found using a DNS changer function that compromises Wi-Fi routers and rewrites their DNS settings, hijacking name resolution for every device on the network. The function was newly added to the XLoader (also known as Wroba) malware that serves as the campaign's main payload. Most infections were detected in South Korea, followed by France, Japan, Austria, and Germany.

Malware developers launch Hook
The developers behind the BlackRock and ERMAC Android banking trojans have released yet another malware family, known as Hook. Beyond the usual overlay and credential-theft features, it is equipped with remote access tooling (RAT) capabilities that let the operator interact with the infected device directly. The financial apps it targets belong to users in the U.S., Poland, Spain, Australia, Canada, Turkey, the U.K., France, Italy, and Portugal.

Russian APT deploys CaddyWiper malware
CERT-UA attributed a destructive malware attack on Ukrinform, the country's national news agency, to the Russian Sandworm APT. The attackers deployed the CaddyWiper data wiper across the agency's systems by abusing a Windows Group Policy Object (GPO). Despite this, the attack failed to disrupt the agency's operations.

Top Vulnerabilities Reported in the Last 24 Hours

Git maintainers fix security holes
The maintainers of the Git version control system patched two critical flaws, tracked as CVE-2022-23521 and CVE-2022-41903, in Git v2.39.1 and back-ported releases. Both can be exploited by an attacker to achieve remote code execution (RCE) on a machine that processes a crafted repository. The former is an integer overflow in gitattributes parsing, triggered by a `.gitattributes` file with very long lines or a very large number of patterns or attributes. The latter is an integer overflow in the commit-formatting code used by `git log --format` and, through the `export-subst` attribute, by `git archive`.

RCE threat lingers on Sophos firewalls
According to VulnCheck researchers, over 4,000 internet-facing Sophos Firewalls are still vulnerable to CVE-2022-3236, a critical code injection bug in the User Portal and Webadmin interfaces that was disclosed last year and allows remote code execution. Sophos first shipped a hotfix for affected versions and then a formal firmware update in December 2022. Reportedly, no public PoC exploit exists for the bug, although Sophos said it had been exploited in the wild against a small number of targets before disclosure.

SQL injection flaw in Cisco products
A high-severity SQL injection flaw was fixed in Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The bug, CVE-2023-20010, stems from improper validation of user-supplied input in the web-based management interface of both platforms; an authenticated, remote attacker could send crafted requests to read or modify data in the underlying database.
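"Improper validation of user-supplied input" in an SQL context almost always means input spliced into the statement text. The following is an added example, not Cisco's code and not the Unified CM schema: a constructed in-memory SQLite user table, a lookup written the vulnerable way beside the parameterised fix, and two classic payloads showing that the first returns every row (or another table entirely) while the second treats the payload as a harmless literal. Table, column and function names are assumptions for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a management interface's
    user store. The schema is invented for this example and is not Cisco's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("admin", "administrator"), ("operator", "operator"), ("guest", "read-only")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """The CWE-89 pattern: untrusted input is spliced into the SQL text, so the
    input can change the structure of the statement, not just a value in it."""
    query = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterised query: the value travels separately from the SQL text and is
    never parsed as SQL, whatever quotes or keywords it contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def find_user_hardened(conn, username):
    """Defence in depth: parameterisation plus an allow-list on the input format,
    so malformed input is rejected before it reaches the database at all."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return find_user_safe(conn, username)


# Two classic payloads: a tautology that matches every row, and a UNION that reads
# a different table (here sqlite_master, i.e. the schema) through the same query.
PAYLOAD_TAUTOLOGY = "x' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT name, sql FROM sqlite_master WHERE '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, PAYLOAD_TAUTOLOGY))  # every user, not just one
    print(find_user_vulnerable(db, PAYLOAD_UNION))      # schema leaked through the UNION
    print(find_user_safe(db, PAYLOAD_TAUTOLOGY))        # [] : payload treated as a literal
```

The UNION payload is the one that matters for a "read or modify any data" impact: once the attacker controls the statement structure, the lookup becomes a channel to any table the application account can reach. Parameterisation closes that channel regardless of how exotic the input is; the allow-list is a second layer, not a substitute.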


Posted on: January 19, 2023
