Go to listing page

Cyware Daily Threat Intelligence, October 03, 2022

Cyware Daily Threat Intelligence, October 03, 2022

Share Blog Post

The notorious North Korean hacking group Lazarus has added another new malware to its arsenal. Dubbed FudModule, the rootkit exploits a set of five vulnerabilities affecting Dell DBUtil drivers that enables the attackers to deploy several malicious tools on a victim’s system, including droppers, loaders, and backdoors. Meanwhile, accidental exposure of patients’ personal data has been averted after Canon Medical issued patches for two cross-site vulnerabilities affecting its Vitreal View tool. 

There has been a spike in the activities by Bumblebee as researchers observe a new iteration of the malware loader. Active since June, the new version used VHD files to execute PowerShell scripts.  

Top Breaches Reported in the Last 24 Hours


Shangri-La hotel group hacked
A data breach at the Shangri-La hotel group compromised the personal information of its customers. The breach occurred between May and July after hackers gained unauthorized access to its IT network. This impacted the hotels located in Hong Kong, Singapore, Chiang Mai, Taipei, and Tokyo. The organization ascertained no indication of any guest data being misused.

Top Malware Reported in the Last 24 Hours


New rootkit associated with Lazarus
A newly found FudModule rootkit is associated with Lazarus’ ongoing Operation Dream Job campaign. The rootkit is being used to exploit five vulnerabilities (collectively tracked as CVE-2021-21551) affecting Dell DBUtil drivers. This enables attackers to deploy several malicious tools on a victim’s system, including droppers, loaders, and backdoors.

Bumblebee continues to evolve
Bumblebee is constantly evolving as researchers observe a spike in its activities. In the recent iterations, it is found that the malware loader has shifted from the use of ISO to VHD format files containing a PowerShell script. The latest version of the malware is believed to have first appeared in June. 

New Pegasus spyware attack
Several high-profile personalities, including journalists and human rights defenders, were targeted in a new zero-click attack that installed the infamous Pegasus spyware. The attack occurred between 2019 and 2021, according to a report.    

Top Vulnerabilities Reported in the Last 24 Hours


Reflected XSS flaws expose data
Two reflected Cross-Site Scripting (XSS) flaws, collectively known as CVE-2022-37461, found in Canon Medical’s Vitrea View allowed anyone to view shared medical images of patients. The flaws not only enabled access to patient information but can also allow attackers to obtain additional access to various services associated with Vitrea View. Canon Medical has addressed the flaws with the release of Vitrea View version 7.7.6.

Atlassian Bitbucket vulnerability exploited
CISA has added a new Atlassian Bitbucket vulnerability to its Known Exploited Vulnerabilities Catalog as it issues a warning of its exploitation in the wild. Tracked as CVE-2022-36804, the flaw is linked to a command injection bug impacting multiple API endpoints of Bitbucket Server and Data Center.

 Tags

atlassian bitbucket
reflected xss flaws
pegasus spyware
shangri la hotel group
fudmodule rootkit

Posted on: October 03, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.