Cyware Daily Threat Intelligence
Daily Threat Briefing • Oct 31, 2023
A PoC exploit for the much-discussed, highly critical Cisco flaw (CVE-2023-20198) has been published, and different threat actors, including ransomware groups, are reportedly abusing it. A scanner to identify compromised systems is available; users and organizations are urged to perform due diligence. Also, a PoC exploit for bugs found in Wyze Cam v3 firmware was made public; users are warned to isolate their devices if updating proves difficult. In other news, Android users in the Arabic-speaking world need to stay cautious, as an espionage-focused APT has unleashed a malware threat on them, this time masquerading as updates to dating applications.
Pro-Hamas attackers have deployed a new Linux-based malware named BiBi-Linux Wiper to target Israeli entities. The malware is also notable for its use of the nohup command to run its tasks inconspicuously in the background.
Ransomware attack on Dallas County
Dallas County confirmed a cybersecurity incident affecting parts of its network. This confirmation comes in response to claims made by the Play ransomware group, which threatened to leak stolen data by November 3, 2023. Dallas County has initiated an investigation into the incident. Earlier this year in May, the city government of Dallas was targeted by the Royal ransomware group.
Toronto Public Library hit by cyberattack
The Toronto Public Library (TPL) suffered a cyberattack, causing numerous online services to go offline. This includes the "Your Account" feature, digital collections, and public computers, though library branches remain open for book borrowing and returning. While TPL did not provide specific details about the incident, it stated that there is no evidence of staff or customer data exposure. So far, no cybercrime group has claimed responsibility for the attack.
$4.4 million in cryptocurrency stolen
Hackers swindled $4.4 million in cryptocurrency from over 25 victims by exploiting data from the 2022 LastPass breach. Researchers have traced the cryptocurrency thefts to the compromised LastPass vault database from that breach; threat actors are believed to be cracking the stolen password vaults to obtain stored cryptocurrency wallet passphrases, credentials, and private keys. Once they have this information, they load the wallets onto their own devices and drain them of all funds.
Arid Viper targets Arabic-speaking Android users
Cisco Talos discovered that Arid Viper has been conducting a campaign targeting Arabic-speaking Android users since April 2022. The group uses custom APKs to collect sensitive information and deliver additional malware to infected devices. The malware shares similarities with a non-malicious dating application called Skipped, possibly suggesting a connection between Arid Viper and the app's developers. The Android malware can disable security notifications, collect sensitive data, and deploy additional malicious apps.
Pro-Hamas criminals deploy BiBi-Linux wiper
A pro-Hamas cybercriminal group deployed a new Linux-based wiper malware named BiBi-Linux Wiper in attacks against Israeli entities amid the ongoing Israel-Hamas conflict. This destructive malware, written in C/C++, allows attackers to specify target folders and can potentially destroy an entire operating system when executed with root permissions. Notably, the malware's use of the term "bibi" in filenames holds significance in Middle Eastern politics, referring to Israeli Prime Minister Benjamin Netanyahu.
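The two BiBi-Linux items above give defenders two facts to hunt on: the wiper wraps its work in nohup to keep running in the background, and it is most destructive when run as root. The following script is an added example, not code from Cyware or from any of the cited researchers. It assumes a hypothetical JSON-lines process-start feed (one event per line with `ts`, `uid`, `exe`, `argv`, `cwd` fields) and flags nohup invocations that run as root or launch a command from a world-writable directory; the sample events are constructed and do not reproduce any real indicator.

```python
"""Hunt for suspicious nohup-wrapped process launches in a JSON-lines process feed.

Added example; the feed format and the sample events below are assumptions,
not telemetry from any real incident.
"""
import json
from pathlib import PurePosixPath

# Constructed sample events (hypothetical EDR/auditd-derived feed, JSON per line).
SAMPLE_EVENTS = """\
{"ts": "2023-10-31T08:00:01Z", "uid": 1000, "exe": "/usr/bin/nohup", "argv": ["nohup", "python3", "train.py"], "cwd": "/home/dev/project"}
{"ts": "2023-10-31T08:02:15Z", "uid": 0, "exe": "/usr/bin/nohup", "argv": ["nohup", "/tmp/.cache/run", "/"], "cwd": "/tmp"}
{"ts": "2023-10-31T08:02:16Z", "uid": 0, "exe": "/usr/bin/apt", "argv": ["apt", "upgrade", "-y"], "cwd": "/root"}
{"ts": "2023-10-31T08:03:40Z", "uid": 1001, "exe": "/usr/bin/nohup", "argv": ["nohup", "/dev/shm/update.sh"], "cwd": "/home/ops"}
"""

# Directories any local user can write to; a binary launched from here has no
# package or deployment provenance and deserves a second look.
SUSPICIOUS_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def is_nohup(event: dict) -> bool:
    """True when the event is a nohup launch, judged by exe basename or argv[0]."""
    argv = event.get("argv") or []
    exe_name = PurePosixPath(event.get("exe", "")).name
    return exe_name == "nohup" or (bool(argv) and argv[0] == "nohup")


def wrapped_command(event: dict):
    """Return the program nohup was asked to run (its first argument), or None."""
    argv = event.get("argv") or []
    if is_nohup(event) and len(argv) > 1:
        return argv[1]
    return None


def reasons_for(event: dict) -> list:
    """List the heuristic reasons an event is suspicious; empty list means benign."""
    reasons = []
    if not is_nohup(event):
        return reasons
    cmd = wrapped_command(event)
    # A wiper needs root to destroy the whole filesystem; nohup as uid 0 is rare
    # outside of administrative scripts and worth baselining per host.
    if event.get("uid") == 0:
        reasons.append("nohup as root")
    if cmd and any(cmd == d or cmd.startswith(d + "/") for d in SUSPICIOUS_DIRS):
        reasons.append(f"command from world-writable dir: {cmd}")
    return reasons


def hunt(jsonl: str) -> list:
    """Parse a JSON-lines feed and return one finding per suspicious nohup launch."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = reasons_for(event)
        if reasons:
            findings.append({
                "ts": event.get("ts"),
                "uid": event.get("uid"),
                "cmd": wrapped_command(event),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

On the constructed feed this flags the root launch from /tmp (two reasons) and the user launch from /dev/shm (one reason), while the developer's nohup'd training job and the root apt run pass. nohup is ubiquitous in legitimate cron and deployment scripts, so treat this as a low-fidelity hunting query to be tuned against a per-host baseline rather than a standalone alert.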
PoC out for critical Cisco flaw
Researchers from Horizon3.ai have publicly released exploit code for the critical Cisco IOS XE vulnerability, CVE-2023-20198, which has been actively exploited by threat actors. The Cisco bug, with a CVSS score of 10, allows an attacker to gain administrator privileges and take over vulnerable routers. Attackers have exploited this flaw to compromise thousands of Cisco IOS XE devices, as reported by security firm VulnCheck. The vulnerability affects physical and virtual devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature in use.
Atlassian Bug poses data loss risk
Atlassian issued a warning about a critical security vulnerability, CVE-2023-22518, in Confluence Data Center and Server, which could lead to significant data loss if exploited. The flaw is categorized as an improper authorization vulnerability and affects all versions. While there is no evidence of active exploitation, it is crucial to apply the patch to prevent potential threats. Publicly accessible instances should be disconnected from the public internet until the patch is applied.
Device takeover flaw in Wyze Cam v3
Security researcher Peter Geissler has uncovered two vulnerabilities in the Wyze Cam v3 firmware that could allow attackers to execute their code on the devices. The flaws involve an authentication bypass and a stack buffer overflow issue. Chaining these vulnerabilities together enables attackers to take over Wyze Cam v3, turning it into a persistent backdoor and compromising other devices on the network. Users are urged to update their firmware immediately or isolate the devices if updating isn't possible as the PoC is now public.