Go to listing page

Cyware Daily Threat Intelligence, October 12, 2022

Cyware Daily Threat Intelligence, October 12, 2022

Share Blog Post

Voila! Patch Tuesday updates are here. Multiple software makers and ICS giants rolled out updates to protect their clients and users across the globe from a variety of cyberattacks. The top firms releasing updates include Microsoft, Siemens, Schneider Electric, Adobe, and SAP. A cybersecurity firm also took the wraps off a cybercriminal group attempting to capitalize on the Russian-Ukraine war situation. It is reportedly using a multi-stage attack chain involving Cobalt Strike Beacon.

What more? A Brazil-based cybercrime group typosquatted and starjacked nearly 200 open-source npm packages. By creating a false sense of legitimacy for their packages, the group aimed to exploit systems using malicious payloads, password stealers, and more.

Top Breaches Reported in the Last 24 Hours


Additional breach disclosure by Omnicell
Omnicell, an American multinational healthcare technology firm, announced that a breach earlier this year affected an additional 64,000 individuals. In the previous disclosure, the count was 62,000 patients. Its IT systems and third-party cloud services fell victim to ransomware attacks. The compromised data may include credit card information, SSNs, driver's license numbers, health insurance details, and more.

Multi-stage threat against Ukraine-Russia
FortiGuard Labs observed a highly opportunistic campaign wanting to take advantage of the ongoing Russia-Ukraine conflict. Researchers stumbled across a malicious Excel document impersonating a tool to calculate salaries for Ukrainian military personnel. It was found capable of downloading multi-stage loaders and also dropping Cobalt Strike Beacon malware infection.

Top Malware Reported in the Last 24 Hours


LockBit exploited Exchange zero-days?
According to cybersecurity firm AhnLab, LockBit ransomware affiliates are exploiting bugs in Microsoft Exchange servers. It is surmised that attackers used an undisclosed zero-day vulnerability. AhnLab claims two servers operated by one of its customers suffered infection with LockBit 3.0 ransomware in July. However, Kevin Beaumont, a renowned researcher, is not convinced that it’s a zero-day.

Black Basta-QakBot-Brute Ratel
Experts at Trend Micro alleged that the Black Basta ransomware is distributing a QakBot variant which further deploys the Brute Ratel framework as a second-stage payload. A large number of groups displayed greater interest in the cybercriminal underground for Brute Ratel, they noted. Also, this marks the first time they witnessed Brute Ratel as a second-stage payload via a QakBot infection.

200 malicious npm packages identified
Cybercrime group LofyGang dispatched roughly 200 malicious NPM packages containing or potentially linked to malicious payloads, Discord-specific malware, and password stealers. The Brazil-based group has been communicating between administrators and members and providing tech support for its hacking tools through a Discord server.

Top Vulnerabilities Reported in the Last 24 Hours


ICS Patch Tuesday update
Siemens and Schneider Electric released a total of 19 security advisories for the October 2022 Patch Tuesday. The former issued 15 advisories covering two dozen security holes with CVE-2022-38465 (related to a global cryptographic key) being the most critical one. The latter issued four new advisories covering a dozen vulnerabilities with six high-severity bugs leading to arbitrary code execution.

Microsoft Patch Tuesday fixes zero-day
In the latest round of patch Tuesday updates, Microsoft addressed a total of 85 security holes. Out of these, 15 are rated Critical, 69 as Important, and one is rated Moderate on the severity scale. This also includes fixes for an actively exploited zero-day, CVE-2022-41033, in the wild. The update, however, fails to offer mitigations against actively exploited ProxyNotShell flaws in Exchange Server.

Security Patch Day at SAP
German enterprise software maker SAP released 15 new security notes and also updated two previously released security notes. The recent release includes two ‘hot news’ notes with critical vulnerabilities, the most severe of which is a file path traversal in Manufacturing Execution - CVE-2022-39802. It has a CVSS score of 9.9 and concerns two plugins for displaying work instructions and models.

Adobe fixes critical bugs
Adobe security patches for 29 documented vulnerabilities across multiple enterprise-facing products are out with a warning of hackers exploiting those to take over vulnerable machines. The bugs impact both Windows and macOS users with the potential for arbitrary code execution, security bypass, arbitrary file system writing, and privilege escalation attacks. Some of the critical-rated flaws scored 9.8/10 in the CVSS severity rating.

 Tags

qakbot stager
lofygang
siemens devices
brute ratel
black basta ransomware
patch tuesday
sap bug
npm packages
russia ukraine conflict
omnicell
lockbit 30
adobe fix
schneider electric

Posted on: October 12, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.