Researchers have identified a new attack wave propagating MooBot, a variant of the Mirai botnet. Palo Alto Networks reported that the malware has altered its targeting scope in this campaign. In other news, Cisco Talos discovered a new threat, dubbed MagicRAT, attributed to the Lazarus APT group. The infection relies on the successful exploitation of vulnerabilities in VMware Horizon platforms. The C2 infrastructure for the RAT also distributes new strains of TigerRAT.
Zyxel has issued an advisory urging users to patch its NAS devices after becoming aware of a critical vulnerability affecting them. With a CVSS v3 severity score of 9.8, the RCE flaw opens the door to several threats, such as privilege escalation, data theft, and ransomware deployment.
Top Breaches Reported in the Last 24 Hours
Attack on U.K.’s top transport firm
A cyberattack disrupted some of the services of Go-Ahead, one of the U.K.’s leading transport companies. Several of its back-office systems, including bus service and payroll software, were impacted. The company runs nearly a quarter of London’s buses and operates services in Southern and Eastern England. It also holds bus contracts in Sweden, Singapore, and Ireland.
Ransomware attack targets non-profit art school
Savannah College of Art and Design (SCAD) was the victim of a ransomware attack that resulted in the leak of sensitive records belonging to hundreds of people. Attackers gained access to its information network systems. The AvosLocker ransomware group is suspected to be behind the attack, as it added SCAD to its leak site and gave the school two weeks to pay the demanded ransom.
Top Malware Reported in the Last 24 Hours
Lazarus experiments with MagicRAT
Researchers at Cisco Talos linked the North Korean nation-state threat actor Lazarus to MagicRAT, a new RAT they discovered in the wild. The payload was deployed in victim networks after the exploitation of internet-facing VMware Horizon servers. Additionally, the C2 infrastructure of MagicRAT was found serving newer versions of TigerRAT.
Top Vulnerabilities Reported in the Last 24 Hours
Critical RCE bug in Zyxel NAS devices
Networking equipment vendor Zyxel has addressed a high-severity flaw that impacts its Network-Attached Storage (NAS) devices. Tracked as CVE-2022-34747, the flaw is a format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit it to achieve remote code execution via a specially crafted UDP packet.
Vulnerable D-Link devices
MooBot, a variant of the Mirai botnet, was found compromising D-Link devices by abusing multiple exploits. The flaws under attack are CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, and CVE-2022-28958. These allow the attackers to turn the compromised devices into an army of DDoS bots. The manufacturer strongly recommends that users patch their appliances.