Cyware Daily Threat Intelligence
Daily Threat Briefing • Dec 14, 2022
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Dec 14, 2022
A phishing attack campaign disguised as alerts from representatives of Ukrainian government agencies is crippling systems in Ukraine to steal confidential data. It reportedly drops the DolphinCape malware to harvest computer information, run executable files, and even take screenshots of compromised devices. Furthermore, a zero-day flaw affecting Citrix products is being exploited by a threat actor that is believed to be operating on behalf of Chinese interests. For now, a small number of targeted attacks have been identified.
Microsoft’s final Patch Tuesday of the year addressed 49 vulnerabilities, with six of them prone to critical RCE attacks. One of the bugs that is being exploited in the wild is a Windows SmartScreen security feature bypass flaw.
Payment giant exposed sensitive records
Website Planet stumbled across an open, unprotected database belonging to Cornerstone Payment Systems, a credit card processing company in California. The database contained over 9 million transaction records, including PII and credit card-related data of merchants and payees. Such data in the wrong hands can be exploited against victims, warned researchers.
Municipalities in Sweden under attack
Swedish municipalities of Borgholm and Mörbylånga were the victim of a cyberattack. Researchers spotted an intrusion in the joint IT system used by the two municipalities. Systems belonging to both municipalities were taken offline in the wake of the attack. The nature of the incident has not yet been disclosed, more details are awaited.
Attack on California hospital
San Gorgonio Memorial Hospital, Riverside County, California, found itself engulfed in a breach that blurted out patients' sensitive personal and medical data. According to a notice issued, an unauthorized third party circumvented the networks of the hospital. The number of victims of this incident is not known yet.
Phishing campaign drops DolphinCape
A series of phishing attacks, aimed at Ukrainian government agencies and the state railway, was found dropping the DolphinCape malware that is written using the Delphi programming language. CERT-UA is tracking the attack group as UAC-0140. Phishing attacks are quite commonly used in attacks targeting Ukraine and account for nearly 60-70% of all cyberattacks.
GoTrim scans Wordpress sites
New Go-based botnet dubbed GoTrim was seen pursuing brute force techniques to extract administrators’ passwords and take over self-hosted WordPress and OpenCart sites. Hackers can take this opportunity to deploy other malware or even perform card-skimming attacks. Experts at Fortinet are the first to analyze the malware’s potent capabilities.
Microsoft fixes nearly 50 flaws
Microsoft has issued patches for two zero days in its final Patch Tuesday of 2022. A total of 49 patches have been released that includes 23 RCE, 19 privilege escalation, 2 security feature bypass, 3 information disclosure, 3 DoS, and one spoofing flaw. Out of 49, six were marked 'Critical' owing to their RCE capabilities.
About a dozen advisories by Apple
Apple has issued 10 security advisories concerning its products, which also includes a fix for a zero-day that threat actors have been exploiting against iPhone users. The flaw, identified as CVE-2022-42856, is a type confusion flaw affecting the WebKit browser engine. The flaw could be abused for arbitrary code execution via a specially crafted website.
NSA highlights Citrix bug abuse
The National Security Agency (NSA) strongly suspects APT5’s participation in the active exploitation of a zero-day in Citrix Application Delivery Controller (ADC) and Gateway. A hacker exploiting the vulnerability, CVE-2022-27518, can take over affected systems. Citrix ADC and Citrix Gateway versions 13.1 are not impacted by the flaw.
SAP’s Patch Tuesday releases
SAP rolled out 14 new and five updated security notes as part of its December 2022 Security Patch Day. The most severe bug addressed, with a CVSS score of 10.0, deals with software updates for the Chrome-based browser in SAP Business Client. Another security note discusses a bug that can threaten the replacement of any file in the BusinessObjects server, at the operating system level, only with normal BI user privileges.
‘That’ vulnerability is ‘Critical’
A bug in the Windows SPNEGO NEGOEX Security Mechanism has been assigned with ‘Critical’ rating after IBM Security X-Force noted that the discovered bug could allow attackers to remotely execute code. CVE-2022-37958 is a pre-authentication RCE vulnerability impacting a range of protocols and can enable wormable abilities for attackers.