
Cyware Daily Threat Intelligence, March 29, 2023

The commercial spyware industry continues to thrive, said a Google researcher as his team took the wraps off a pair of spyware campaigns. The first campaign involved exploits targeting Android and iOS devices in Italy, Malaysia, and Kazakhstan, whereas the second targeted Samsung Internet Browser on devices in the UAE. Separately, IBM strongly recommended patching in light of the abuse of a pre-authentication YAML deserialization bug in its Aspera Faspex software. The bug has a CVSS score of 9.8.

Are you a crypto user addicted to Tor? Tor browser users across the world are under attack, especially those in Russia and nearby regions. Cyber adversaries have been observed dumping trojanized versions of Tor browser installers, which may lead to wallet compromise.

Top Breaches Reported in the Last 24 Hours


Debt purchasing firm leaks confidential data
NCB Management Services disclosed a data breach affecting the sensitive personal data of 494,969 individuals. Other leaked data includes employment positions, SSNs, driver's license numbers, account numbers, credit card numbers, and account balances and statuses. NCB further clarified that the impacted credit card accounts were already closed.

Toyota Italy exposed data
One of the biggest vehicle manufacturers worldwide, Toyota, left an environment file (.env) exposed to the internet via its official website, said the Cybernews research team. The incident exposed the credentials of the Salesforce Marketing Cloud, which could have been abused by cybercriminals in multiple ways. The file remained unprotected for more than one-and-a-half years.

Cyberattack on gambling and entertainment firm
Crown Resorts, Australia, confirmed falling victim to GoAnywhere MFT zero-day exploitation by the Cl0p ransomware group. Last month, the threat actors claimed to have infiltrated the networks of at least 130 organizations over 10 days. The firm has stated that the attack doesn’t concern customer data.

Top Malware Reported in the Last 24 Hours


Trojanized installers for Tor browser
Cryptocurrency theft has increased in Russia and other parts of Eastern Europe, owing to a spike in trojanized Tor Browser installers. These infected browsers were being promoted as "security-strengthened" versions of the browser. Crypto users use the browser services either to maintain anonymity or to access illegal dark web market services.

Sophisticated spyware campaigns
Google’s TAG shared details on zero-day and n-day vulnerabilities affecting Android and iOS devices that are being exploited in highly targeted spyware campaigns. It didn’t reveal the spyware vendors involved or identify the number of victims targeted in these campaigns. The list of exploited vulnerabilities notably included CVE-2022-4262, CVE-2023-0266, CVE-2022-42856, and CVE-2022-4135.

Top Vulnerabilities Reported in the Last 24 Hours


Active exploitation of IBM flaw
Cybercriminals are reportedly abusing a critical flaw in IBM's file exchange application Aspera Faspex. Security firm Rapid7 laid bare details from an incident that involved the abuse of the bug, tracked as CVE-2022-47986, to deploy ransomware. The company patched the security issue in January and republished an advisory earlier this month as well.

Buggy IEEE WiFi protocol
A technical paper by security experts has found a security hole in the design of the IEEE 802.11 WiFi protocol standard. The bug enables unauthenticated users to trick access points into leaking network frames or WiFi frames in plaintext form. These frames are data containers that are ordered in queues and transmitted in a controlled manner. The queued/buffered frames are not completely secure.


Posted on: March 29, 2023

