
Cyware Daily Threat Intelligence, July 28, 2022


A Taiwan-based software firm and CISA warned of two vulnerabilities affecting Moxa’s NPort 5110 device servers. The bugs can be abused with a mere network connection to the targeted device, and exploitation can be automated in a few minutes. Additionally, LibreOffice patched three security holes. Exploiting these could have given adversaries access to encrypted passwords and allowed them to execute arbitrary code on compromised systems.

The LofyLife campaign has become a new mode of infection for cybercriminals luring Discord users. The campaign leverages infected npm modules to inject Volt Stealer malware and pilfer sensitive user data.

Top Breaches Reported in the Last 24 Hours


U.S.-based managed service provider attacked
A hacker group crippled the networks of NetStandard MSP, knocking the company’s MyAppsAnywhere cloud services offline. Experts opine that the attack may have a broader impact as the company's primary website was also pulled offline to contain the attack.

Top Malware Reported in the Last 24 Hours


Cyber mercenary abuses zero-day in Microsoft
Austrian hack-for-hire company DSIRF, along with the Knotweed gang, has been abusing multiple bugs in Windows and Adobe software products in a targeted attack campaign against European and Central American individuals. The Private-Sector Offensive Actor (PSOA) drops a surveillance tool known as Subzero. The malware can be used to hack phones, computers, and IoT devices.

Fake npm packages distribute Volt Stealer
Hackers have launched a campaign dubbed LofyLife to infect Discord users with malware capable of harvesting their payment card information. According to Kaspersky, the malware in use is a different version of the Volt Stealer token logger. The malware-infected npm modules include small-sm, pern-valids, lifeculer, and proc-title. 

Top Vulnerabilities Reported in the Last 24 Hours


Critical bugs in industrial device
Two high-severity flaws were fixed in NPort 5110, a widely used industrial connectivity device from Taiwan-based industrial networking and automation solutions provider Moxa. The vulnerabilities, tracked as CVE-2022-2043 and CVE-2022-2044, can be abused by a remote attacker to make a device enter a DoS condition. CISA has advised impacted organizations to contact Moxa for a security patch.

Open-Xchange addresses six flaws
Software firm Open-Xchange released fixes for two RCE vulnerabilities, two XSS flaws, an SSRF vulnerability, and a Logback component issue affecting OX App Suite, a secure email and collaboration software. The six flaws are CVE-2022-23100, CVE-2022-24405, CVE-2022-23099, CVE-2022-23101, CVE-2022-24406, and CVE-2021-42550, respectively. Researchers reveal that OX App Suite is not susceptible to the last flaw as there are no scenarios that require deploying a vulnerable configuration.

Bugs in a productivity software
LibreOffice has patched three security flaws, including an arbitrary code execution bug, CVE-2022-26305, in its productivity suite. The bug lies in improper certificate validation checks. A hacker can create an arbitrary certificate containing a serial number and an issuer string identical to those of a trusted certificate to execute rogue code packaged within macros.
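
The trust-check weakness described for CVE-2022-26305, as an added example that is not LibreOffice's code: it contrasts matching on serial number and issuer string only with matching on a digest of the whole certificate. The `Cert` model, the sample values and the digest-based check are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 certificate (hypothetical model)."""
    serial: int
    issuer: str
    der: bytes  # full encoded certificate, which includes the public key


def fingerprint(cert: Cert) -> str:
    """SHA-256 over the whole encoding, so any differing field changes it."""
    return hashlib.sha256(cert.der).hexdigest()


def trusted_weak(cert: Cert, store: list) -> bool:
    # Flawed pattern from the text: only serial number and issuer are compared.
    return any(cert.serial == t.serial and cert.issuer == t.issuer for t in store)


def trusted_strict(cert: Cert, store: list) -> bool:
    # Assumed stricter check: the presented certificate must be byte-identical
    # to a trusted one. Signature verification over the macro is still needed.
    return fingerprint(cert) in {fingerprint(t) for t in store}


# Constructed sample data: same serial and issuer, different encoded content.
ISSUER = "CN=Example Macro CA,O=Example Org"
TRUSTED = Cert(0x1A2B3C, ISSUER, b"constructed-encoding-with-key-A")
LOOKALIKE = Cert(0x1A2B3C, ISSUER, b"constructed-encoding-with-key-B")
STORE = [TRUSTED]


def evaluate(cert: Cert) -> dict:
    """Run both checks against the constructed trust store."""
    return {"weak": trusted_weak(cert, STORE), "strict": trusted_strict(cert, STORE)}


if __name__ == "__main__":
    for name, cert in (("trusted", TRUSTED), ("lookalike", LOOKALIKE)):
        print(name, evaluate(cert))
```

The lookalike passes the weak check because the two compared fields are chosen by whoever creates the certificate; the digest comparison rejects it because the encoded content differs.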


Posted on: July 28, 2022

