Go to listing page

Cyware Daily Threat Intelligence, November 08, 2022

Cyware Daily Threat Intelligence, November 08, 2022

Share Blog Post

Top banking customers in India were found to be targeted by at least five malware families. Cybercriminals have erected phishing sites spoofing banks to trick users into blurting out their personal as well as card details. In the next threat, Ember.js, a JavaScript framework, was found vulnerable to the prototype pollution flaw. If chained with other bugs in the target application, hackers can perform several malicious activities, including credential theft.

Multiple breach incidents were reported in the past 24 hours, including one on Canadian meat giant Maple Leaf Foods. In another unfortunate event, an IT outsourcing vendor in the Middle East, which also works with government agencies in the Kingdom of Saudi Arabia, became the target of a data leak.

Top Breaches Reported in the Last 24 Hours


The second Central Bank of Russia attack
Ukrainian hackers claimed to steal 2.6GB from the Central Bank of Russia. The leaked files contain records about the bank’s operations, security policies, and personal data of employees (both current and former). This is purportedly the second hack aimed at the bank this year. In March, the Anonymous collective leaked 35,000 documents from the bank and published them online.

Medibank and REvil bout continues
The REvil ransomware group once again threatened Australian health insurer Medibank that it will release all the stolen data in the next 24 hours if the ransom demand isn’t met. Meanwhile, Medibank announced that the attack impacted about 9.7 million individuals. For a majority of victims, health records have also been compromised.

Data leak for BPO firm
Justice Blade threat actor released data from outsourcing IT vendor Smart Link BPO Solutions. The vendor works with relatively bigger organizations and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. It is said that cybercriminals may have stolen CRM records, personal information, contracts, account credentials, and email communications.

Operations interrupted at Maple Leaf Foods 
Maple Leaf Foods, Canada's largest prepared meats and poultry food producer, suffered a potential interruption in its operations in light of a cyberattack. The incident has caused an outage in its services that vary by business unit, plant, and site. The firm has 21 manufacturing facilities, employs 14,000 people, and contracts over 700 barns.

Top Malware Reported in the Last 24 Hours


Vultur trojan on Google Play Store
Cleafy researchers unveiled three apps on Google Play, namely RecoverFiles, Zetter Authenticator, and My Finances Tracker dropping a banking trojan. Named Vultur, the trojan has also evolved its evasion techniques. Sources say the Brunhilda DaaS (Dropper as a Service) is the brainchild behind the malware. 

Phishing against Indian banking customers
Trend Micro uncovered five banking malware families—Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy—targeting bank customers in India through SMS phishing campaigns. The SMS messages lure users with offers such as getting a tax refund or credit card reward points. It also carries a phishing link that can extract their PII and credit card data.

Spymax RAT promotes Indian defense personnel
Cyber firm Cyfirma uncovered a malicious Android installation package that arrives as a decoy copy of a promotion letter to the ‘Subs Naik’ rank. The malware loaded is a variant of Spymax RAT, whose source code is easily found on the dark web. Once inside a device, the malware asks for several permissions, including camera, storage, microphone, and internet access.

Top Vulnerabilities Reported in the Last 24 Hours


The buggy JavaScript framework 
A bug spotted in Ember.js could potentially allow an unauthenticated user to launch cross-site scripting (XSS) attacks and steal user information. The framework is affected by the prototype pollution vulnerability that exploits JavaScript’s dynamic property-assignment features to make global changes to critical objects.

ICS Patch Tuesday
Siemens issued nine new security advisories and Schneider Electric published one new advisory in its latest ICS Patch Tuesday. Siemens advisories encompass a total of 30 bugs, whereas Schneider covered three vulnerabilities in its NetBotz security and environmental monitors.

 Tags

spymax rat
revil ransomware
saudi arabia
siemens energy
smart link bpo solutions
ics patch tuesday
maple leaf foods
vultur malware
xss attacks
emberjs
central bank of russia
company schneider electric
banking trojans
medibank private limited

Posted on: November 08, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.