Cyware Daily Threat Intelligence
Daily Threat Briefing • May 4, 2023
Operating products that have reached End-of-Life (EoL) is an open invitation to malicious actors. Cisco is warning users of one such product after security experts discovered a critical bug in it that may allow an attacker to execute arbitrary code on the vulnerable device with full privileges. Meanwhile, data-wiping attacks have made a comeback in the ongoing Russia-Ukraine cyberwar: Ukrainian officials allege that the Sandworm APT is using a script that leverages WinRAR to destroy data on government devices. The wiper script has been dubbed RoarBat.
A handful of malicious Android apps popular in East Asia, with more than 100,000 installs between them, are being used to harvest user credentials (including 2FA codes) and credit card details. All of these apps carry the FluHorse malware, whose defining trait is persistence.
New fallout from the Fortra breach
Brightline, a provider of pediatric mental health services, informed 783,606 individuals that their data was exposed in a breach stemming from a ransomware attack. The attackers exploited a zero-day in Brightline's Fortra GoAnywhere MFT secure file-sharing platform to steal the personal and health data of patients. The Cl0p ransomware group has taken responsibility for such attacks in the past.
Payment firm suffers ransomware attack
Payment software company AvidXchange was hit by ransomware for the second time this year, resulting in the theft of a significant amount of sensitive data. RansomHouse ransomware group has claimed responsibility for the attack. The security incident additionally compromised login credentials such as usernames and passwords, and in certain instances, responses to security questions for different companies’ systems.
New trojan on Google Play Store
Cybersecurity experts have uncovered the Fleckpe trojan that impersonated photo editing apps, smartphone wallpaper packs, and other utility apps on Google Play Store. The trojan, active since 2022, was found on 11 apps with the total number of installations being over 620,000 times. Experts suggest that bad actors may have created more apps by the time those 11 apps were removed.
RoarBat: the new malicious script
CERT-UA confirmed the discovery of a malicious script dubbed RoarBat that is most probably used by the Russian threat group Sandworm. The script uses the WinRAR application to archive and compress files and then delete the originals. It can delete files with more than two dozen extensions, including drivers. Ukrainian defenders attributed the attack to Sandworm with only moderate confidence.
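The archive-then-delete pattern described above is visible in process-creation telemetry, which is the natural place for a defender to hunt for it. The following Python detection sketch is an added example, not code from CERT-UA or the original briefing: it scans constructed Sysmon-style process-creation log lines for WinRAR/Rar invocations and scores them on the presence of the archiver's delete-after-archive switches (`-df`, `-dw`; that RoarBat uses exactly these switches is an assumption made for the illustration), the number of distinct extension wildcards on the command line, and whether driver or binary extensions are among the targets. The log format and the sample lines are constructed.

```python
"""Hunt for archive-then-delete (wiper-style) archiver invocations in process logs."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Rar/WinRAR command-line switches that remove source files after archiving (-df)
# or overwrite them before removal (-dw). Use of these by RoarBat is an assumption.
DELETE_AFTER_ARCHIVE_SWITCHES = {"-df", "-dw"}
ARCHIVER_IMAGES = {"winrar.exe", "rar.exe"}
# Extensions whose bulk "archiving" is unusual for a backup job; .sys is included
# because the briefing notes that drivers were among the targeted files.
SENSITIVE_EXTENSIONS = {"sys", "dll", "exe", "bak"}
# Threshold above which the breadth of wildcards itself becomes suspicious.
MANY_EXTENSIONS = 10

_CMDLINE_RE = re.compile(r'cmdline="(?P<cmd>[^"]*)"')
_IMAGE_RE = re.compile(r'image="(?P<img>[^"]*)"')
_HOST_RE = re.compile(r"host=(?P<host>\S+)")
_EXT_RE = re.compile(r"\*\.([A-Za-z0-9]+)")

# Constructed sample log lines (not real telemetry): a benign backup, a wiper-style
# run, an unrelated process, and a delete-after-archive run with a narrow scope.
SAMPLE_LOGS = [
    r'ts=2023-05-04T08:12:01Z host=WS01 user=jdoe image="C:\Program Files\WinRAR\WinRAR.exe" cmdline="WinRAR.exe a -r -ep1 D:\backup.rar D:\Reports\*.xlsx"',
    r'ts=2023-05-04T08:14:33Z host=WS07 user=SYSTEM image="C:\Program Files\WinRAR\WinRAR.exe" cmdline="WinRAR.exe a -r -df -y C:\tmp\out.rar C:\*.doc C:\*.docx C:\*.xls C:\*.xlsx C:\*.pdf C:\*.jpg C:\*.png C:\*.zip C:\*.rar C:\*.sql C:\*.sys C:\*.dll"',
    r'ts=2023-05-04T08:15:02Z host=WS07 user=SYSTEM image="C:\Windows\System32\notepad.exe" cmdline="notepad.exe C:\*.sys"',
    r'ts=2023-05-04T09:01:45Z host=SRV02 user=backup image="C:\Program Files\WinRAR\Rar.exe" cmdline="Rar.exe a -df E:\logs.rar C:\Logs\*.log"',
]


@dataclass
class Finding:
    host: str
    severity: str
    reasons: List[str] = field(default_factory=list)
    extensions: Set[str] = field(default_factory=set)


def analyse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious archiver invocation, else None."""
    img = _IMAGE_RE.search(line)
    cmd = _CMDLINE_RE.search(line)
    if not (img and cmd):
        return None
    # Only archiver processes are of interest; compare on the image basename.
    image_name = img.group("img").replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image_name not in ARCHIVER_IMAGES:
        return None
    host_match = _HOST_RE.search(line)
    host = host_match.group("host") if host_match else "unknown"
    cmdline = cmd.group("cmd")
    switches = {tok.lower() for tok in cmdline.split() if tok.startswith("-")}
    exts = {e.lower() for e in _EXT_RE.findall(cmdline)}

    reasons: List[str] = []
    deletes_sources = bool(switches & DELETE_AFTER_ARCHIVE_SWITCHES)
    if deletes_sources:
        reasons.append("delete-after-archive switch present")
    if len(exts) >= MANY_EXTENSIONS:
        reasons.append(f"{len(exts)} distinct extension wildcards targeted")
    if exts & SENSITIVE_EXTENSIONS:
        reasons.append("targets driver/binary extensions")
    if not reasons:
        return None
    # Source deletion combined with any breadth/sensitivity signal is the wiper shape.
    severity = "high" if deletes_sources and len(reasons) > 1 else "medium"
    return Finding(host=host, severity=severity, reasons=reasons, extensions=exts)


def scan(lines: List[str]) -> List[Finding]:
    """Run analyse_line over a batch of log lines and keep the hits."""
    return [f for f in (analyse_line(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding.host, finding.severity, "; ".join(finding.reasons))
```

On the constructed sample, the plain backup and the notepad line produce nothing, the SYSTEM-launched run with `-df` across a dozen extensions including `.sys` and `.dll` is rated high, and the narrow `-df` log rotation is rated medium, which is the tier a reviewer would then confirm against the account and scheduled task that launched it.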
FluHorse infects East Asian apps
A set of malicious Android apps, each camouflaged as a popular and legitimate app, are being distributed to infect victims with a new malware strain called FluHorse. So far, it has garnered over 100,000 installs. Check Point Research disclosed that attackers targeted commonly used Android applications in East Asia. The primary objective of this phishing scam is to steal sensitive information, such as user 2FA and credit card information.
Privilege escalation bug in NetGear Systems
A bug in Netgear’s NMS300 ProSAFE network management system allowed unauthenticated users to retrieve cleartext credentials and gain administrative access to devices, revealed Flashpoint. It can be done simply by making an SQL query in the background to retrieve database information. The Netgear NMS300 platform includes a User management tab that enables administrators to manage user accounts (view only) and monitor network functions.
Critical RCE bug in phone adapter
A critical remote code execution flaw was discovered affecting Cisco SPA112 2-Port Phone Adapters. It is to be noted that the product has already reached its end-of-life status. The flaw, tagged CVE-2023-20126, concerns the web-based management interface of the phone adapters, which an attacker can abuse without authentication. The company recommends customers migrate to an ATA 190 Series analog telephone adapter for safety.
Users’ goodwill exploited via PayPal
It’s easy to send legitimate messages such as invoices, billing reminders, and more to anyone via PayPal, and cyber adversaries are taking advantage of this. Over the last few weeks, Avanan experts witnessed nearly 25,000 PayPal phishing attacks that exploit people’s goodwill in donating to a cause. Because the messages originate from PayPal itself, such attacks are becoming challenging for security services and users to detect and mitigate.