
Cyware Daily Threat Intelligence, January 25, 2023


IoT devices continue to draw heavy fire from cybercriminals. A new report by Unit 42 researchers documents a massive rise in attempts to exploit a Realtek Jungle SDK RCE flaw, most of them trying to deliver malware to vulnerable IoT devices from dozens of manufacturers. In another headline, roughly 75,000 WordPress sites running the LearnPress plugin are exposed to critical pre-auth SQL injection and local file inclusion flaws, and a PoC exploit for the SQL injection bug is already public.

Wondering what Emotet has been up to? Its newest wave of infections adds two notable components: an SMB spreader and a credit card stealer that targets the Chrome web browser.

Top Breaches Reported in the Last 24 Hours

GoTo robbed of encrypted backups
GoTo, LastPass's parent company, disclosed that a threat actor exfiltrated encrypted backups from a third-party cloud storage service, along with an encryption key for a portion of those backups. The attack, tied to the same August 2022 incident that hit LastPass, exposed customer information including account usernames, salted and hashed passwords, a portion of MFA settings, and some product settings and licensing information. Because the key was taken together with the backups, the affected portion should be treated as readable by the attacker, not merely encrypted at rest; affected customers should expect, and act on, password resets and MFA re-enrolment.

Attack on a court in Ohio town
Unknown hackers targeted the Circleville Municipal Court in Ohio. Officials have not confirmed the attack, but LockBit's leak site reportedly listed the court as one of its victims, with the group claiming to have stolen 500 GB of data from its servers. Last month, the police department, municipal court, and other government offices in Mount Vernon, Ohio, suffered a similar attack.

Top Malware Reported in the Last 24 Hours

Emotet’s back with new bait
Researchers uncovered new waves of Emotet infections carrying two notable additions: an SMB spreader and a credit card stealer that targets the Chrome web browser. The spreader facilitates lateral movement by trying a list of hard-coded usernames and passwords against SMB on other hosts in the network, so a burst of failed network logons from one machine against many others is a useful detection signal.
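The credential-list spreading described above leaves a recognisable trace in Windows Security logs: one source IP generating failed network logons (event 4625, logon type 3) against several hosts with several different account names in a short window. The following detection is an added example written for this brief; it is not code from the original page or from the researchers who analysed Emotet. The log export format, the sample lines and the thresholds (three hosts, five accounts, five minutes) are constructed assumptions for illustration and should be tuned to your own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a tab-separated export of Windows Security event 4625
# (logon failure) from three hosts. Fields: UTC time, reporting host,
# source IP, logon type, target account. These lines are made up for the
# example; they are not from any real incident.
SAMPLE_4625 = """\
2023-01-25T10:00:01Z\tFS01\t10.0.0.23\t3\tadministrator
2023-01-25T10:00:02Z\tFS01\t10.0.0.23\t3\tadmin
2023-01-25T10:00:03Z\tFS01\t10.0.0.23\t3\tuser
2023-01-25T10:00:05Z\tWS07\t10.0.0.23\t3\tadministrator
2023-01-25T10:00:06Z\tWS07\t10.0.0.23\t3\tguest
2023-01-25T10:00:07Z\tWS07\t10.0.0.23\t3\ttest
2023-01-25T10:00:09Z\tDC01\t10.0.0.23\t3\tadministrator
2023-01-25T10:00:10Z\tDC01\t10.0.0.23\t3\tbackup
2023-01-25T10:03:00Z\tFS01\t10.0.0.50\t3\tjsmith
2023-01-25T10:03:20Z\tFS01\t10.0.0.50\t3\tjsmith
2023-01-25T11:00:00Z\tWS07\t10.0.0.77\t10\tadministrator
"""


def parse_4625(text):
    """Parse the constructed export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, src, logon_type, account = line.split("\t")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host,
            "src": src,
            "logon_type": int(logon_type),
            "account": account.lower(),
        })
    return events


def find_smb_spreaders(events, window=timedelta(minutes=5),
                       min_hosts=3, min_accounts=5):
    """Return {source_ip: summary} for every source whose network logon
    failures (logon type 3, which covers SMB) within `window` touch at
    least `min_hosts` distinct hosts and `min_accounts` distinct accounts.
    A user mistyping one password on one server never trips this; a
    credential list sprayed across the subnet does."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == 3:   # network logon only; RDP (10) etc. ignored
            by_src[ev["src"]].append(ev)

    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        # Sliding window: start at each event, look forward up to `window`.
        for i, start in enumerate(evs):
            span = [e for e in evs[i:] if e["time"] - start["time"] <= window]
            hosts = {e["host"] for e in span}
            accounts = {e["account"] for e in span}
            if len(hosts) >= min_hosts and len(accounts) >= min_accounts:
                hits[src] = {
                    "hosts": sorted(hosts),
                    "accounts": sorted(accounts),
                    "first": start["time"],
                    "last": span[-1]["time"],
                }
                break   # one alert per source is enough
    return hits


if __name__ == "__main__":
    for src, info in find_smb_spreaders(parse_4625(SAMPLE_4625)).items():
        print(f"{src}: {len(info['accounts'])} accounts tried against "
              f"{', '.join(info['hosts'])} between {info['first']} and {info['last']}")
```

Run against the sample, the script flags 10.0.0.23 (six accounts against FS01, WS07 and DC01 within ten seconds) and ignores the single user who mistyped a password twice and the lone RDP failure. In a real deployment the same logic sits over a SIEM query on event 4625 rather than a text export; the thresholds are the part worth tuning, since service accounts and vulnerability scanners produce legitimate fan-out.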

Dropping malware using Google ads
The Microsoft-tracked DEV-0569 actors are running a malvertising campaign that uses Google Ads to deliver a set of malware families: RedLine Stealer, Gozi/Ursnif, Vidar and, potentially, Cobalt Strike and others. The ads impersonate downloads of several popular software programs. The resulting infections steal victims' passwords and can open the door to ransomware by dropping additional payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Realtek SDK flaw gains attention
Palo Alto Networks' Unit 42 observed that exploitation attempts against CVE-2021-35394, a remote code execution bug in the Realtek Jungle SDK, accounted for over 40% of all attack attempts it recorded between August and October 2022, and the attacks are still ongoing. The bug affects nearly 190 device models from 66 different manufacturers, which is what makes it so attractive to IoT botnets. Because fixes depend on each vendor shipping patched firmware, exposed devices that cannot be updated should be kept off the internet or isolated behind a firewall.

Multiple critical flaws in WordPress plugin
Three vulnerabilities in LearnPress, a WordPress LMS plugin with about 75,000 active installations, leave those sites open to attack. CVE-2022-47615 is an unauthenticated local file inclusion flaw that lets an attacker read the contents of local files on the web server. The other two are SQL injection flaws: CVE-2022-45808, which requires no authentication, and CVE-2022-45820, which requires an authenticated user. All three are fixed in LearnPress 4.2.0; sites on older versions should update, or deactivate the plugin until they can.

Patches out for vRealize Log Insight
VMware has released fixes for four security flaws in vRealize Log Insight (now Aria Operations for Logs). Two are rated critical: CVE-2022-31704, a broken access control flaw, and CVE-2022-31706, a directory traversal flaw. Although each is reached by a different path, both can be turned into remote code execution by an unauthenticated attacker. Upgrading to version 8.10.2 closes all four issues.


Posted on: January 25, 2023
