
Cyware Daily Threat Intelligence, January 20, 2023


Multiple cloud services platforms including Microsoft Azure are vulnerable to a remote code execution flaw dubbed EmojiDeploy. Upon successful exploitation, attackers can carry out remote code execution and a full takeover of the targeted application, leading to data theft and phishing attacks. In other headlines, two malware injections were spotted accomplishing separate goals against hundreds of targeted WordPress sites. The first one simply redirects users to a malicious sports-based domain and the other injection attempts black hat SEO tactics to boost ranking for a gambling casino site.

Moving on, a year-old flaw in Adobe Commerce and Magento stores could be abused for arbitrary code execution on unpatched sites. The flaw has been assigned a CVSS score of 9.8.

Top Breaches Reported in the Last 24 Hours

Breach impacts 37 million T-Mobile users
T-Mobile disclosed a breach event that concerns the personal details of 37 million users. Threat actors accessed its internal system to pilfer information such as names, emails, phone numbers, billing addresses, dates of birth, and account numbers. This marks T-Mobile’s sixth major breach since 2018.

Government body in Costa Rica targeted
Costa Rica’s Ministry of Public Works and Transport (MOPT) disclosed suffering a ransomware attack that resulted in the encryption of 12 of its servers. The attack knocked all of MOPT’s computer systems offline. The body has urged citizens to beware of social engineering attempts via stolen data.

Top Malware Reported in the Last 24 Hours

Two malware strains impacted over 300 sites
Security experts at Sucuri stumbled across a database injection consisting of a pair of malware payloads. The first one redirects visitors of the targeted WordPress sites to an infected sports website, and the other one boosts the domain authority of a malicious casino website within search engines. The first one infected 270 sites, while 82 sites were impacted by the second one.

Top Vulnerabilities Reported in the Last 24 Hours

XSS in Ghost CMS
Cisco Talos reportedly uncovered multiple cross-site scripting (XSS) bugs in Ghost CMS that could lead to privilege escalation. According to experts, these bugs can be triggered when a higher-privileged user simply previews or visits any post created by the malicious user. Ghost has responded to the advisory and disputes that such privilege escalation is possible.

Azure services face threat from EmojiDeploy
An attacker can exploit an RCE flaw, dubbed EmojiDeploy, to deploy malicious ZIP archives on the victim’s Azure application, revealed security analysts at Ermetic. The vulnerability also affects other cloud services such as Function Apps, App Service, and Logic Apps. Hackers can use this opportunity to gain access to sensitive data, conduct phishing attacks, and even perform lateral movement to other Azure services.

Threat to Adobe Commerce and Magento stores
E-commerce security firm Sansec warned vendors and agencies to heed a critical mail template bug in Adobe Commerce and Magento stores. The bug, CVE-2022-24086, received a patch in February 2022. The flaw is an improper input validation bug in the checkout process. A hacker can abuse this to achieve arbitrary code execution.

Top Scams Reported in the Last 24 Hours

Sneaky ad scam reaches 11 million devices
HUMAN Security announced the takedown of VASTFLUX, a massive digital ad fraud operation spreading malicious JavaScript code. The scale of the campaign was so large that it spoofed more than 1,700 apps from at least 120 publishers. The campaign reached nearly 11 million devices and peaked at 12 billion ad requests a day.


Posted on: January 20, 2023
