Cyware Daily Threat Intelligence, November 17, 2022

With the holiday season approaching, online stores are entering their most critical and vulnerable period. According to a recent report, almost 40% of Magento and Adobe Commerce stores have been targeted by ‘TrojanOrders’ attacks conducted by at least seven hacker groups. Meanwhile, Iranian hackers attacked a government organization by exploiting the Log4Shell vulnerability in VMware systems.

Researchers found an info-stealer hiding in Python packages to steal credentials, personal information, and cryptocurrency. A significant number of critical vulnerabilities were also addressed in the last 24 hours; F5 patched two high-severity RCE bugs in its BIG-IP and BIG-IQ devices and Mozilla released Firefox 107 to fix several high-impact flaws.


Top Breaches Reported in the Last 24 Hours


‘TrojanOrders’ attacks on Magento stores
According to the security firm Sansec, at least seven threat actors have targeted almost 40% of Magento 2 websites with ‘TrojanOrders’ attacks by exploiting a critical mail template vulnerability. In the observed attacks, threat actors first probe Magento and Adobe Commerce stores by triggering the system to send an email that carries exploit code in one of its fields.

Iranian hackers target government organization
Iranian state-backed actors exploited the Log4Shell vulnerability in VMware systems to compromise a federal agency. They exploited the vulnerability in an unpatched VMware Horizon server, installed XMRig crypto-mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.

Claims processing firm exposes PHI
A misconfigured server at Kentucky-based CorrectCare Integrated Health, a medical claims processing firm, exposed sensitive information of about 600,000 inmates who received medical care during the last decade. The CorrectCare web server exposed two file directories containing prisoners' protected health information and patient information.

DDoS attack on FBI
A pro-Russian hacking group, KillNet, claimed responsibility for a DDoS attack against FBI websites. On its Telegram channel, it shared a post containing links that showed connection errors on the FBI’s Law Enforcement Enterprise Portal (LEEP), which serves as a job site and portal for law enforcement resources.


Top Malware Reported in the Last 24 Hours


Info-stealer malware hides in PyPI
Researchers have discovered new malicious packages on PyPI, a package index for Python developers, infected with an info-stealer. Dubbed WASP, the malware uses steganography and polymorphism to evade detection and is designed to steal credentials, personal information, and cryptocurrency. The operator has been found selling copies of WASP to other attackers for $20 (payable in cryptocurrency or gift cards).


Top Vulnerabilities Reported in the Last 24 Hours


F5 fixes two RCE bugs
Researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The security vendor fixed two high-severity RCE vulnerabilities—CVE-2022-41622 and CVE-2022-41800—in its products. While the former is an unauthenticated RCE via cross-site request forgery (CSRF) that impacts BIG-IP and BIG-IQ products, the latter is an authenticated RCE via RPM spec injection that resides in the Appliance mode iControl REST.

Firefox 107 patches high-impact flaws
Version 107 of the Mozilla Firefox web browser addresses a total of 19 CVE identifiers, nine of which have been rated as ‘high-impact’ flaws. The high-impact vulnerabilities could lead to information disclosure, fullscreen notification bypass for spoofing attacks, and crashes or arbitrary code execution resulting from use-after-free bugs.


Posted on: November 17, 2022

