Go to listing page

Cyware Daily Threat Intelligence, November 07, 2022

Cyware Daily Threat Intelligence, November 07, 2022

Share Blog Post

Robin Banks, of late, has gone through a major transformation. The Phishing-as-a-Service (PhaaS) platform has introduced several new features, including a cookie-stealing capability. Additionally, hackers can now fully access their phishing kit at $1,500 per month. In another breaking news, Microsoft has highlighted the celerity of nation-backed actors in developing exploits for recently uncovered zero-days. Chinese actors happen to be leading the party.

Meanwhile, Apple was found infected with multiple vulnerabilities in its Xcode development environment. The threats due to these ranged from arbitrary command execution to information leaks.

Top Breaches Reported in the Last 24 Hours


Anesthesia management services hit
A breach incident at Somnia Inc., a New York-based administrative services firm, affected the PII of about 430,000 people across 20 anesthesiology practice institutions. At least five other entities, operating in Virginia, California, Kentucky, Illinois, and Pennsylvania, have also filed breach reports.

LockBit stole Victorian School data
Personal records of thousands of Victorian students and their parents may have been exposed to the LockBit threat group. The hack originally occurred at a third-party vendor, PNORS Technology Group. The firm allegedly works with six different departments in the government of the Australian state, including Education and Training.

Top Malware Reported in the Last 24 Hours


Phishing service changes hosting provider
Robin Banks has reportedly relocated its attack infrastructure to Russian hosting services known as DDoS-Guard. Previously, it was counting on Cloudflare for hosting its operations, revealed cybersecurity company IronNet. The cybercriminals involved have also included new features, such as offering a cookie-stealing capability, a 2FA mandate to view the stolen data, or, alternatively, access it via a Telegram bot.

Top Vulnerabilities Reported in the Last 24 Hours


Nation-state actors quick in exploiting zero-days
In a new report, Microsoft revealed that nation-state and other threat actors are increasingly prying on zero-day bugs to infiltrate their targets, potentially even before their public disclosure. Chinese cybercriminals have been observed to be particularly proficient in discovering and developing exploits for zero days. In other cases, researchers reckoned that hackers, on average, take only 14 days to start abusing a zero-day after its public disclosure.

Three bugs patched in Apple Xcode
Apple released a security fix for three Git flaws in the Xcode macOS development environment. The first bug, CVE-2022-29187, is a variant of CVE-2022-24765 that affects multi-user machines by creating a malicious .git directory. Another bug tracked as CVE-2022-39253 could lead to information leaks. The third one, CVE-2022-39260, could lead to arbitrary code execution.

 Tags

robin banks
somnia inc
zero day bug
lockbit groups
anesthesiology practices
git flaws
ddos guard
pnors technology group
victorian school
apple xcode

Posted on: November 07, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.