Cyware Daily Threat Intelligence, November 15, 2022

Intercom systems from Aiphone, one of the largest global manufacturers, were found to have an information disclosure flaw. It could be exploited in a way that leaves an organization unaware of any unauthorized access to its premises. A software update does not address the issue; users need a hardware replacement instead. Meanwhile, a new variant of Typhon Stealer made headlines; it now exhibits much more effective anti-analysis techniques and enhanced information-stealing features.

Breaches continue to inflict pain on firms in different ways. Of late, Russia's leading urban mobility service Whoosh exposed personal data of roughly 7.2 million customers.

Top Breaches Reported in the Last 24 Hours


Whoosh and gone!
Russian scooter-sharing service Whoosh has admitted to a data breach after hackers were spotted offering a database holding the identities of 7.2 million subscribers on the dark web. Only users’ personal data, including first names, email addresses, and phone numbers, has been compromised. For nearly 1,90,000 customers, the database also contains partial payment card details.

Digital certificate authority breached
A Chinese threat actor known as Billbug targeted a digital certificate authority, as well as government agencies and defense organizations across several Asian countries. The campaign, ongoing since at least March, gains initial access to target networks by exploiting public-facing apps with known vulnerabilities.

Top Malware Reported in the Last 24 Hours


Typhon Stealer becomes Typhon Reborn
Typhon Stealer, a crypto miner/stealer for hire, received an update in the form of Typhon Reborn, Palo Alto Networks disclosed. The new variant boasts enhanced anti-analysis techniques, as well as other stealing and file-grabber features. Researchers found that it leverages Telegram’s API and infrastructure to exfiltrate all stolen data.

Top Vulnerabilities Reported in the Last 24 Hours


Bug in Aiphone intercom products
Application security firm Promon uncovered a bug in Aiphone intercom products, which could enable attackers to hack building entry systems using an NFC tag. Tracked as CVE-2022-40903, the security bug is an information disclosure vulnerability. Aiphone device series GT-DMB, GT-DMB-N, and GT-DMB-LVN running firmware versions prior to 3.00, and GT-DB-VN devices running firmware version 2.00 or earlier are vulnerable.

Top Scams Reported in the Last 24 Hours


Chinese hackers fake brands
'Fangxiao,' a for-profit Chinese cybercrime group, set up a network of more than 42,000 web domains impersonating top brands to redirect users to sites loaded with the Triada trojan or other malware. These redirected sites promote adware apps, dating sites, or fake prizes and giveaways to trick victims. The targeted brands span the retail, banking, transport, financial, travel, pharmaceuticals, and energy sectors.

Posted on: November 15, 2022
