Go to listing page

Cyware Daily Threat Intelligence, November 01, 2022

Cyware Daily Threat Intelligence, November 01, 2022

Share Blog Post

Initial access brokers selling remote access to compromised networks are on the rise. A new report reveals that access to around 576 corporate networks worldwide is being sold on hacker forums. The top targeted networks include organizations in the manufacturing and professional services sectors. 

Besides this, stolen credentials databases are flourishing on underground markets. It is believed that each of these databases includes millions of credential sets that can be used for credential-stuffing attacks. These valuable sets of credentials are sold at prices of up to $120,000. 

In a security update, the maintainers of the SQLite database engine fixed a 22-year-old DoS flaw that could have allowed attackers to crash or take control of the software.

Top Breaches Reported in the Last 24 Hours


Access to compromised networks on sale
According to a new report, access to around 576 corporate networks worldwide for a total cumulative price of $4 million is being sold on underground forums. Cybercriminals purchasing access to these networks can launch credential theft or ransomware attacks. The top targeted organizations include those in the manufacturing and professional services sectors. 

Chegg fails to report data breaches
Education tech giant Chegg is under fire for failing to report its 40 million users and employees about four data breaches that occurred in the past four years. As per the FTC, the compromised data include the social security numbers, financial details, dates of birth, and medical information of individuals. 

Stolen credentials on sale
Valuable sets of stolen credentials that can be used for credential-stuffing attacks have been put on sale on underground forums. Each database can include millions of credentials sets and is sold at prices of up to $120,000. The primary reason for the boost in the stolen credentials is due to many websites failing to comply with the policy and storing passwords in plain text. 

Top Malware Reported in the Last 24 Hours

New version of LODEINFO malware
The China-based Cicada hacking group, aka APT10, was observed using a new version of LODEINFO backdoor malware to infect Japanese organizations. The malware was distributed by abusing security software. It uses the XOR algorithm as part of the evasion techniques. The targeted entities include media groups, diplomatic agencies, and think tanks in Japan.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed Junos OS fixed
Juniper Networks issued patches for multiple vulnerabilities affecting the J-Web component of its Junos OS. These flaws are tracked as CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22245, and CVE-2022-22246. They could allow attackers to perform remote code execution, cross-site scripting, and route injection attacks. 

MotW flaw patched
An unofficial patch has been issued for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to bypass Mark-of-the-Web (MotW) protections. The fix arrives after the reporting of the Magniber ransomware campaign abusing the flaw. 

22-year-old DoS flaw patched
The maintainers of the SQLite database engines have patched a high-severity flaw that was left unaddressed for around 22 years. The denial of service vulnerability could allow attackers to crash or control programs that rely on the software. It is tracked as CVE-2022-35737 and has a CVSS score of 7.5


 Tags

income tax refunds
sqlite database engine
stolen credentials databases
chegg
lodeinfo malware
mark of the web motw protections

Posted on: November 01, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.