Go to listing page

Cyware Daily Threat Intelligence, November 02, 2022

Cyware Daily Threat Intelligence, November 02, 2022

Share Blog Post

Another day, another LockBit victim! Since the unveiling of its version 3.0, LockBit affiliates have been claiming victims across sectors non-stop. Today, we have the French defense and technology group, Thales. In another vein, a fake VPN app attempted to trick an Iranian minority community. Known as SandStrike, it supports commands that enable attackers to perform malicious operations on the device.

Meanwhile, a much-anticipated security update from OpenSSL landed in the past 24 hours. OpenSSL patched two sensitive vulnerabilities that concerned version 3.0.0 and later, and have been addressed in version 3.0.7.

Top Breaches Reported in the Last 24 Hours


Dropbox phished for GitHub
Cloud storage service provider Dropbox fell victim to a phishing attack. Hackers successfully copied 130 private GitHub code repositories, while also swiping some of its secret API credentials. The incident came to light after Microsoft's GitHub detected suspicious behavior on Dropbox's corporate account.

LockBit 3.0 hijacks Thales network
French aerospace and defense technology firm Thales Group suffered a breach by the LockBit 3.0 ransomware affiliates. Hackers have been given an ultimatum of November 7 for coughing up the demanded ransom. Notably, the gang is yet to publish the sample stolen data.

HENSOLDT suffered ransomware attack
Another French company, HENSOLDT France, was allegedly crippled by the Snatch ransomware group. The cybercriminal group has also published a sample of the stolen data as proof of the incident. The company specializes in providing military and defense electronics solutions both in France and abroad.

Prime Video viewing habits data exposed
An Elasticsearch database containing Prime Video viewing habits, stored on an internal Amazon server, was left unprotected without a password. The database dubbed Sauron had 215 million records of pseudonymized viewing data. 

Top Malware Reported in the Last 24 Hours


Information-stealing via Android apps 
Malwarebytes uncovered a set of four Android apps—created by the same developer—redirecting victims to infectious websites as part of an adware and information-stealing campaign. Altogether, these apps had over 1 million downloads. Hackers would wait for nearly four days before opening the first phishing site in the Chrome browser.

Iranian community targeted using spyware
Kaspersky spotted an espionage campaign involving Android spyware SandStrike to target followers of the Baha?i faith, the Persian-speaking religious community. Cybercriminals used a VPN application as bait that claimed to provide access to Baha?i religious resources that are banned in Iran.

Top Vulnerabilities Reported in the Last 24 Hours


OpenSSL addressed two high-severity bugs
Two vulnerabilities received fixes by the OpenSSL Project in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. The bugs, identified as CVE-2022-3602 and CVE-2022-3786, could lead to crashes or RCE attacks or, trigger a denial of service state via a buffer overflow.

Authentication bypass issue in Jupyter Notebooks
Microsoft highlighted an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB. Though no evidence of malicious activity was detected, the bug could allow full read and write access to unauthenticated hackers. It noted that no action is required from the customer side.

Multiple bugs in Checkmk IT Infrastructure
Researchers have found four vulnerabilities in Checkmk IT Infrastructure monitoring software. If chained together, can be exploited to gain remote code execution on the server running Checkmk version 2.1.0p10 and lower. A total of four vulnerabilities were reported, two Critical and two Medium severity.

 Tags

openssl project
android apps
api credentials
checkmk
dropbox
hensoldt france
sandstrike
thales group
lockbit 30
jupyter notebooks
amazon prime video

Posted on: November 02, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.