Go to listing page

Cyware Daily Threat Intelligence, September 12, 2022

Cyware Daily Threat Intelligence, September 12, 2022

Share Blog Post

Malware and their unmatched evasion capabilities continue to grow over the years. Just like in the case of Lampion trojan which has been around since 2019, and has now made a comeback in new phishing attacks against organizations. It is leveraging WeTransfer, a legitimate file-sharing service, to spread stealthily across targeted devices. Separately, multiple high-severity firmware vulnerabilities have been found impacting several models of HP computers for over a year. Unfortunately, the company is yet to provide updates for all the affected devices.

In another update, Google has addressed two critical vulnerabilities in Pixel devices that could lead to privilege escalation. These flaws are part of the 46 vulnerabilities that are addressed in the Android September 2022 Security Update.

Top Breaches Reported in Last 24 Hours


Hackers attack Britain’s PVC-Maker
British PVC manufacturer Eurocell experienced a substantial cyberattack after attackers gained unauthorized access to its systems. The compromised data includes employment terms and conditions, dates of birth, and bank account details of employees. It also contained national identification and tax reference numbers, right-to-work documents, health and wellbeing documents, learning and development records, and disciplinary and grievance documents. The firm indicated that there was no evidence of the data being misused. The number of employees impacted by the breach is yet to be ascertained.

Cisco provides an update on the data breach
Cisco has confirmed that the data leak claimed by the Yanluowang ransomware group on Sunday was actually stolen from its business network during an attack in May. The company insisted that the leak had no impact on its business, including its products or services or any other sensitive information. The threat actor, however, claimed otherwise, insisting that they stole thousands of files amounting to 55GB and that the cache included classified documents, technical schematics, and source code. In August, the company conceded that the hackers had leveraged a compromised VPN account to breach its network.


Top Malware Reported in Last 24 Hours


Lampion trojan makes a comeback
Threat actors are abusing WeTransfer, a legitimate file-sharing service as a part of their phishing campaigns to distribute Lampion trojan. The operators send phishing emails from compromised company accounts urging users to download a Proof of Payment document from WeTransfer. The targets receive a ZIP archive containing a VBS file required to launch the attack. Upon execution, the script initiates a WScript process that creates four VBS files. The ZIP files contain DLL payloads which are loaded into memory, allowing Lampion to steal data from the computer and overlap its own login forms. When users enter their credentials, these fake login forms will be stolen and sent to the attackers.


Top Vulnerabilities Reported in the Last 24 Hours


Google fixes vulnerabilities in Pixel Phones
Google’s September 2022 Security Update has addressed two critical vulnerabilities found in Pixel devices. Tracked as CVE-2022-20231 and CVE-2022-20364, the flaws exist in the Trusty and kernel components of Pixel devices and can lead to escalation of privileges. In addition, three medium-severity vulnerabilities affecting kernel and Qualcomm components have also been patched for all Pixel devices.
 
Vulnerable KEPServerEX product patched
CISA has issued an advisory about two major vulnerabilities affecting PTC’s Kepware KEPServerEX product. The flaws, tracked as CVE-2022-2848 and CVE-2022-2825, can allow attackers to crash a server, obtain data, or remotely execute arbitrary code by sending specially crafted messages to the targeted system. The flaws impact the Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server (IGS), and Software Toolbox TOP Server products, all of which rely on the KEPServerEX OPC UA engine.
 
Vulnerabilities in HP devices remain unfixed
Six high-severity firmware vulnerabilities were reported impacting a wide range of HP high-end notebooks used in enterprise environments. Three of these flaws were made public in July 2021, and the remaining three in April, however, the vendor is yet to release security updates for some of the affected models. The vulnerabilities are tracked as CVE-2022-23930, CVE-2022-31644, CVE-2022-31645, CVE-2022-31646, CVE-2022-31640, and CVE-2022-31641. They exist in the System Management Module (SMM) and can lead to arbitrary code execution.

 Tags

lampion trojan
eurocell
hp devices
yanluowang ransomware group
ptcs kepware kepserverex product

Posted on: September 12, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.