Go to listing page

Cyware Daily Threat Intelligence, November 10, 2022

Cyware Daily Threat Intelligence, November 10, 2022

Share Blog Post

Researchers have unearthed a massive black hat malicious redirect malware campaign affecting over 15,000 websites. One odd feature of this campaign is that it promotes a handful of fake low-quality Q&A sites, such as for pharma, essay writing services, and not-so-popular designer products. In other news, a new malware, StrelaStealer, attempted to trouble Outlook and Thunderbird users. The malware specifically goes after Spanish-speaking users.

What more? Nearly a dozen sensitive vulnerabilities were patched for Google Chrome that concern users across Windows, Mac, and Linux. However, Google hasn’t disclosed full details about several of the bugs sighting the fear of exploit development by hackers. 

Top Breaches Reported in the Last 24 Hours


Medibank data leaked on dark web
Hackers have released a portion of the stolen Medibank customer data on the dark web after the health insurer refused to pay a ransom to hackers. The data released includes names, dates of birth, phone numbers, addresses, email addresses, Medicare numbers, and, in some cases, passport numbers and health claims data.

Top Malware Reported in the Last 24 Hours


StrelaStealer spreads through popular email clients
Users of Outlook and Thunderbird email clients are being actively targeted in an information-stealing campaign. Hackers deploy the new StrelaStealer malware to extract email account credentials of users. They use Spanish-speaking lures to trick users.

Malicious ‘apicolor’ PyPI package 
Apicolor,’ a malicious package on the PyPI Index was observed leveraging a steganographic trick to hide malicious code within image files. The package is described as a "Core lib for REST API.” It has three main components: malicious code, carrier code, and the infecting package. Researchers claim the findings reflect careful planning and thought by the threat actor.

Top Vulnerabilities Reported in the Last 24 Hours


Path Traversal bug ABB Totalflow
Researchers at Team82 uncovered a high-severity flaw in ABB Totalflow flow systems and controllers. Tracked as CVE-2022-0902, the path-traversal flaw allows hackers to inject malicious code and enable arbitrary code execution. The flaw affects several ABB G5 products. The firm has released a fix via an advisory that also recommends network segmentation as a mitigation strategy.

Google Chrome patches vulnerabilities
Google has patched 10 security gaps in its latest Chrome update for Windows, Mac, and Linux. Six of the bugs addressed were labeled 'high severity'. These bugs could be exploited for heap corruption via a specially crafted HTML page. Google has recommended applying the Chrome security patches with version 107.0.5304.106/.107 for Windows and version 107.0.5304.110 for Mac and Linux.

Bug in Lenovo UEFI firmware
A set of three security flaws in Lenovo’s UEFI firmware has been found affecting several IdeaPad, Yoga, and ThinkBook devices. The bugs can let an attacker disable UEFI Secure Boot or restore factory default Secure Boot databases (incl. dbx) just from an OS. The bugs are tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432.

Top Scams Reported in the Last 24 Hours


SEO poisoning campaign via thousands of websites
A black hat SEO campaign was spotted in the wild by website security firm Sucuri. The scammers have been able to compromise nearly 15,000 websites, that redirect users to fake Q&A discussion forums. The attackers targeted a majority of WordPress PHP files, such as 'wp-singup.php', 'wp-settings.php', 'wp-cron.php', 'wp-mail.php', and 'wp-blog-header.php.'

 Tags

seo poisoning attack
uefi flaws
strelastealer
medibank
malicious pypi packages
lenovo
abb totalflow
google chrome bug

Posted on: November 10, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.