Go to listing page

Cyware Daily Threat Intelligence, October 18, 2022

Cyware Daily Threat Intelligence, October 18, 2022

Share Blog Post

Operation CuckooBees campaign is back in action. After being dormant for around three months, researchers have found that the attackers are using Spyder Loader malware to infect organizations in Hong Kong. The capabilities of the malware include collecting information from victims’ systems and executing malicious payloads. In another update, a new UEFI bootkit called BlackLotus is being actively sold on different hacker forums. It includes different obfuscation features and can also be used to launch Bring Your Own Vulnerable Driver (BYOVD) attacks.

Meanwhile, a newly found critical Apache Commons Text flaw has been compared to the notorious Log4Shell vulnerability. Dubbed as Text4Shell, the flaw can be exploited to execute malicious code. While there is no evidence of widespread exploitation, organizations have been urged to upgrade the software with the latest version to prevent attacks.

Top Breaches Reported in the Last 24 Hours

Keystone Health discloses data breach

Pennsylvania healthcare provider Keyston Health has disclosed a data breach that impacted the personal information of over 230,000 patients. The incident occurred between July and August after threat actors gained unauthorized access to files within systems. The compromised data includes names, social security numbers, and clinical details of patients.

Medibank confirms ransomware attack

Australian insurance firm Medibank has confirmed that the cyberattack that disrupted its online services was actually a ransomware attack. The attack occurred last week, following which the firm immediately shut down parts of its systems to reduce the impact. Currently, the operations are back to normal and the firm is yet to ascertain the scope of the attack. 

Top Malware Reported in the Last 24 Hours

Spyder Loader malware detected

Researchers have observed new activities related to the Operation CuckooBees campaign that was first observed in May. The campaign has been upgraded to target organizations in Hong Kong using Spyder Loader malware. The malware is capable of collecting information on corrupted devices, executing malicious payloads, and coordinating C2 communication. 

New BlackLotus bootkit

A threat actor is selling a new UEFI bootkit that comes with an anti-virtual machine (anti-VM), anti-debug, and code obfuscation features to block malware analysis attempts. Named BlackLotus, the malware is linked to APT41 threat actors and can be used to load unsigned drivers for launching Bring Your Own Vulnerable Driver (BYOVD) attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Zoom rolls out security patches

Zoom has issued a high-priority patch for macOS, along with a warning that threat actors could abuse the software to control conference calls and meetings. The vulnerability, tracked as CVE-2022-28762, affects versions prior to 5.12.0 of Zoom Client Meetings for macOS. It carries a score of 7.3 on the CVSS scale. Besides this, Zoom has also released a patch for a medium-severity flaw affecting its On-Premise Meeting Connector Multimedia Router (MMR).

New Text4Shell flaw patched

A newly discovered Text4Shell flaw impacting Apache Commons Text library can result in code execution attacks. The vulnerability is tracked as CVE-2022-42889 and exists in the StringSubstitutor interpolator object. Organizations have been urged to upgrade the software to version 1.10.0 to fix the issue. 

A zero-day flaw in Fortinet devices

Over 17,000 Fortinet devices vulnerable to a zero-day flaw are exposed online. Confirming that the flaw is currently being exploited in the wild, the firm has urged organizations to use updated versions. The vulnerability is tracked as CVE-2022-40684 and impacts FortiOS/FortiProxy versions 7.0.7 or 7.2.2. An attacker can exploit the vulnerability to log into vulnerable devices. 

Top Scams Reported in the Last 24 Hours

FBI warns about student loan scams

The FBI is warning of potential fraud schemes that target individuals seeking the federal student loan forgiveness program. The scammers leverage websites, emails, text messages, and phone calls and purport to offer entrance into the program to target people. Consequently, they collect personal information that can be used for future cybercrimes.


blacklotus bootkit
log4shell vulnerability
fortinet devices
spyder loader malware
bring your own vulnerable driver byovd attacks
text4shell flaw

Posted on: October 18, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.