Cyware Daily Threat Intelligence

Daily Threat Briefing Jan 5, 2024

The emergence of a new macOS malware has once again raised security concerns. In the last 24 hours, researchers shared details of the SpectralBlur backdoor, which shares similarities with the recently discovered KandyKorn malware. The new malware is believed to be the work of the North Korea-based Lazarus group. There is also an update on a new distribution tactic adopted by the UAC-0050 group to deploy the Remcos RAT against Ukrainian government agencies.

Moving to security updates, Google issued the year’s first security advisory, which addresses six vulnerabilities in Chrome. The internet giant added that there is no evidence of the vulnerabilities being exploited in the wild.

Top Breaches Reported in the Last 24 Hours

HACSB targeted

A cyberattack at HACSB in California’s San Bernardino County affected the information of nearly 19,000 people. The organization said names and Social Security numbers were leaked after threat actors accessed an employee email account on June 19, 2023. Upon discovery, it took immediate action by resetting the password for the affected account.

Misconfigured MongoDB exposes data

The MyEstatePoint Property Search app left a MongoDB server publicly accessible, which contained the sensitive details of nearly half a million of its users. The exposed instance contained details such as names, email addresses, plain-text passwords, and mobile phone numbers.
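The exposure described above is the classic pattern of a database listening on every interface with no access control. The following added example (not code from Cyware or from the affected app) audits a mongod.conf for exactly that combination: a bind address of 0.0.0.0 or bindIpAll without security.authorization enabled. The two configurations are constructed samples, and the parser deliberately handles only the flat two-level YAML layout that mongod.conf normally uses; it is an assumption that your configuration follows that layout.

```python
"""Audit a mongod.conf for the public-bind-without-auth exposure pattern.

Added example. The parser covers only the two-level layout used by a typical
mongod.conf (a top-level 'section:' line followed by indented 'key: value'
lines); it is not a general YAML parser.
"""
from typing import Dict, List

# Constructed sample: the weak configuration. mongod listens on every
# interface and no authorization is configured, so anyone who can reach
# port 27017 can read every collection.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: the hardened configuration. Bound to loopback only
# and role-based access control switched on.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_mongod_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the 'section:' / '  key: value' subset of mongod.conf."""
    conf: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line.startswith(" "):           # unindented line starts a section
            section = line.rstrip(":").strip()
            conf.setdefault(section, {})
        elif section is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit_mongod_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means no exposure issue found."""
    conf = parse_mongod_conf(text)
    net = conf.get("net", {})
    security = conf.get("security", {})
    findings: List[str] = []

    # mongod has bound to localhost by default since 3.6; an explicit
    # 0.0.0.0 / :: or bindIpAll: true opens it to every interface.
    bind_ip = net.get("bindIp", "127.0.0.1")
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    public = bind_all or any(
        ip.strip() in ("0.0.0.0", "::") for ip in bind_ip.split(",")
    )
    auth_on = security.get("authorization", "disabled").lower() == "enabled"

    if public:
        findings.append("net.bindIp/bindIpAll exposes mongod on all interfaces")
    if not auth_on:
        findings.append("security.authorization is not enabled")
    if public and not auth_on:
        findings.append("CRITICAL: publicly reachable instance with no access control")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["ok"])
```

The check flags the network exposure and the missing access control separately, because either alone is a finding, and escalates only when both are present. Note that it says nothing about the second defect in the report, plain-text password storage; a leaked database should yield salted password hashes, not credentials, and that has to be fixed in the application, not in mongod.conf.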

Data leak incident at a law firm

San Francisco-based law firm Orrick, Herrington & Sutcliffe fell victim to a data leak incident that exposed the health information of more than 637,000 users. The incident occurred in February 2023 and compromised the names, dates of birth, email addresses, and government-issued identification numbers of users, among others.

Kyivstar’s network wiped

Russian hackers from the Solntsepek group (believed to be linked to the Sandworm military group) wiped 10,000 computers and thousands of servers associated with Kyivstar’s network. Following the incident, mobile and data services went down, leaving around 25 million mobile and home internet subscribers without an internet connection.

Top Malware Reported in the Last 24 Hours

Remcos used in a phishing attack

In its latest operational twist, the UAC-0050 group has integrated a distinctive pipe-based method into its evasion tactics to deploy the Remcos RAT against government agencies in Ukraine. While the exact initial access vector is currently unknown, it is suspected to involve phishing emails that pretend to advertise consultancy roles with the Israel Defense Forces. Once deployed, Remcos exfiltrates system and user information.

AsyncRAT spotted in a new campaign

AT&T Alien Labs identified a new campaign to deliver AsyncRAT onto unsuspecting victims’ systems. As part of the evasion tactic, the attackers used malicious JavaScript files embedded in a phishing page and a domain generation algorithm to register new phishing domains. Some of the identified targets were in the U.S.

New SpectralBlur macOS malware

Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The sample, which is believed to be the work of the Lazarus group, was uploaded to VirusTotal in August 2023 but went undetected until recently. The malware’s capabilities include file operations, shell execution, and communication with a command-and-control server using RC4-encrypted sockets.

Top Vulnerabilities Reported in the Last 24 Hours

Google addresses six vulnerabilities

Google has released a new iteration of Chrome 120 that addresses six vulnerabilities. Three of them, tracked as CVE-2024-0222, CVE-2024-0224, and CVE-2024-0225, are use-after-free flaws affecting the ANGLE graphics rendering engine, Chrome’s WebAudio component, and WebGPU, respectively. Another flaw, a heap buffer overflow (CVE-2024-0223), also impacts ANGLE.

Ivanti addresses a critical RCE flaw

Ivanti has addressed a critical remote code execution vulnerability (CVE-2023-39336) in its Endpoint Management software that can let attackers hijack enrolled devices or the core server. The flaw impacts all versions of the software and has been resolved in version 2022 Service Update 5. So far, the company has not found any evidence of attackers exploiting this vulnerability.

Top Scams Reported in the Last 24 Hours

Crypto scam spotted

The co-founder of Nest Wallet, a cryptocurrency wallet startup, lost $125,000 in a crypto scam after he was tricked into visiting a fake cryptocurrency airdrop site. The victim was led to believe he was visiting a legitimate site linked from an article on Medium.
