
Cyware Daily Threat Intelligence, September 07, 2023


Beware of low-cost offerings or shortcuts that promise to enhance your experience with Android-based TV set-top boxes: security researchers are warning of a Mirai botnet campaign that uses exactly such lures to infect these devices and enlist them in DDoS attacks. In other malware news, we discuss a variant of Atomic Stealer being distributed through a malvertising campaign. Additionally, adversaries are using compromised ad accounts to purchase advertisements that direct users to phishing websites.

Moving on. Cisco has addressed a CVSS 10.0-rated security issue in its BroadWorks calling and collaboration platform that could let remote attackers forge credentials and gain access to affected systems.

Top Breaches Reported in the Last 24 Hours


Travel booking firm suffers cyberattack
Sabre, a major provider of air passenger and booking data, is investigating a data breach after files allegedly stolen from the company appeared on a dark web leak site. The Dunghill Leak group claimed responsibility for the attack, stating that they had taken about 1.3 terabytes of data, including databases related to ticket sales, passenger turnover, employee information, and corporate financial data. The extent and timing of the breach are still under investigation.

Thousands of Alexa top sites leak sensitive data
Code security firm Truffle Security has identified approximately 4,500 websites in the Alexa top 1 million list that are leaking secrets, including credentials. These websites expose their .git directory over HTTP, which lets anyone reconstruct the repository and can reveal private source code, configuration files, and access credentials committed into the history. Analysis of the exposed credentials revealed that AWS and GitHub keys were the most prevalent types of leaked secrets, accounting for 45% of all credentials.
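The check a site owner or pentester would want here is whether a host answers requests for `.git/HEAD` and `.git/config` with real Git metadata rather than a soft-404 page, and whether anything recovered contains credential-shaped strings. The following is an added example written for this briefing, not Truffle Security's tooling: the paths, secret regexes, and the constructed responses used to exercise it are this example's own assumptions.

```python
"""Probe a web host for an exposed .git directory and flag credential-shaped
strings in what it returns. Added example, not Truffle Security's code."""
import re
import urllib.error
import urllib.request

# A genuine .git/HEAD is a symbolic ref or, for a detached HEAD, a bare
# 40-hex commit id. Soft-404 pages return 200 with HTML, so the status
# code alone proves nothing; the body has to look like Git wrote it.
_HEAD_RE = re.compile(rb"\A(ref: refs/\S+|[0-9a-f]{40})\s*\Z")
# A standard .git/config begins with a [core] section.
_CONFIG_RE = re.compile(rb"^\[core\]", re.M)

# Assumed credential shapes: AWS access key IDs (AKIA.../ASIA...) and
# GitHub tokens (ghp_/gho_/ghu_/ghs_/ghr_ followed by 36+ alphanumerics).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(rb"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
}


def looks_like_git_head(body: bytes) -> bool:
    return bool(_HEAD_RE.match(body))


def looks_like_git_config(body: bytes) -> bool:
    return bool(_CONFIG_RE.search(body))


def find_secrets(body: bytes) -> dict:
    """Map pattern name -> sorted unique matches, only for patterns that hit."""
    found = {}
    for name, rx in SECRET_PATTERNS.items():
        hits = sorted({m.decode("ascii", "replace") for m in rx.findall(body)})
        if hits:
            found[name] = hits
    return found


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Treat a redirect (typically to the home page) as "not found".
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_get(url: str, timeout: float = 5.0):
    """Return (status, body) for a GET without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.getcode(), resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def probe_git_exposure(base_url: str, fetch=http_get) -> dict:
    """Report whether base_url exposes .git and what secrets leak from config.
    `fetch` is injectable so the logic can run offline against fixed responses."""
    base = base_url.rstrip("/")
    report = {"exposed": False, "files": [], "secrets": {}}
    status, body = fetch(base + "/.git/HEAD")
    if status != 200 or not looks_like_git_head(body):
        return report
    report["exposed"] = True
    report["files"].append(".git/HEAD")
    status, body = fetch(base + "/.git/config")
    if status == 200 and looks_like_git_config(body):
        report["files"].append(".git/config")
        report["secrets"] = find_secrets(body)
    return report


# Constructed responses for offline use (hostnames and tokens are made up;
# the AWS key is the documentation placeholder AKIAIOSFODNN7EXAMPLE).
CONSTRUCTED = {
    "https://leaky.example.test/.git/HEAD": (200, b"ref: refs/heads/main\n"),
    "https://leaky.example.test/.git/config": (
        200,
        b"[core]\n\trepositoryformatversion = 0\n"
        b'[remote "origin"]\n'
        b"\turl = https://ghp_0123456789abcdefghijklmnopqrstuvwxyzABCD@github.example.test/acme/app.git\n"
        b"# aws_key = AKIAIOSFODNN7EXAMPLE\n",
    ),
    # Soft-404: answers 200 with a generic HTML page for any path.
    "https://soft404.example.test/.git/HEAD": (200, b"<html><body>Home</body></html>"),
}


def fake_fetch(url, timeout=5.0):
    return CONSTRUCTED.get(url, (404, b"Not Found"))


if __name__ == "__main__":
    for host in ("https://leaky.example.test", "https://soft404.example.test"):
        print(host, probe_git_exposure(host, fetch=fake_fetch))
```

The redirect handling matters in practice: many frameworks answer unknown paths with a 302 to the front page, and a probe that follows it would report a false positive. Run `probe_git_exposure("https://your-host")` with the default fetcher to test a host you are authorized to assess.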

Ransomware attack on pediatric dental practice
Just Kids Dental, an Alabama-based pediatric dental practice, is notifying approximately 130,000 individuals that their sensitive information was compromised in a recent cyberattack. The breach affected patients, their parents and guardians, and current and former employees. Reports suggest that a ransom may have been paid to the attackers in exchange for a promise to delete the stolen data, although the practice has not confirmed this.

Top Malware Reported in the Last 24 Hours


New Mirai variant for TV set-top boxes
A new Mirai variant has been discovered infecting low-cost Android TV set-top boxes commonly used for media streaming. Devices such as the Tanix TX6 TV Box and MX10 Pro 6K were targeted because their quad-core processors give even a small swarm enough capacity for powerful DDoS attacks. The malware arrives on these devices through malicious firmware updates or pirated content apps, the latter promising access to copyrighted TV shows and movies for free or at a low cost.

New Atomic Stealer macOS variant
Researchers at Malwarebytes have identified a new version of the Atomic Stealer macOS malware that employs a technique to get past the operating system's Gatekeeper security feature. In this campaign, the malware masquerades as the popular TradingView platform. Victims are redirected to a phishing site, where they unknowingly download Atomic Stealer. The app does not need to be copied into the Mac's Applications folder, and it is ad-hoc signed rather than signed with a Developer ID certificate, so there is no certificate for Apple to revoke.
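A quick triage step for a downloaded app is to ask `codesign` how it is signed: an ad-hoc signature has no certificate chain behind it, so an ad-hoc signed app arriving from the web deserves suspicion regardless of what it claims to be. The following is an added example for this briefing, not Malwarebytes' tooling; it runs Apple's `codesign -dvv` when available and classifies its output, and the sample outputs it ships with are constructed for offline use rather than captured from any real app.

```python
"""Classify how a macOS app is signed: unsigned, ad-hoc, Developer ID, or
some other certificate. Added example, not Malwarebytes' code."""
import re
import shutil
import subprocess


def parse_codesign(output: str, returncode: int) -> dict:
    """Classify `codesign -dvv` output (codesign writes it to stderr).

    Ad-hoc signatures show `Signature=adhoc` and no Authority= lines;
    Developer ID signatures show an `Authority=Developer ID Application: ...`
    line and a TeamIdentifier; unsigned code makes codesign exit non-zero with
    "code object is not signed at all"."""
    if returncode != 0 or "not signed at all" in output:
        return {"state": "unsigned", "authorities": [], "team": None}
    authorities = re.findall(r"^Authority=(.+)$", output, re.M)
    team_match = re.search(r"^TeamIdentifier=(.+)$", output, re.M)
    team = team_match.group(1).strip() if team_match else None
    if team == "not set":
        team = None
    if re.search(r"^Signature=adhoc\s*$", output, re.M):
        state = "adhoc"
    elif any(a.startswith("Developer ID Application:") for a in authorities):
        state = "developer-id"
    else:
        state = "other-cert"
    return {"state": state, "authorities": authorities, "team": team}


def check_app(bundle_path: str) -> dict:
    """Run codesign on a bundle (macOS only) and classify the result."""
    if shutil.which("codesign") is None:
        raise RuntimeError("codesign not found; this check needs macOS")
    proc = subprocess.run(["codesign", "-dvv", bundle_path],
                          capture_output=True, text=True)
    return parse_codesign(proc.stderr + proc.stdout, proc.returncode)


# Constructed codesign output (not captured from a real sample).
ADHOC_SAMPLE = """Executable=/Users/me/Downloads/Downloaded.app/Contents/MacOS/Downloaded
Identifier=Downloaded
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+5 location=embedded
Signature=adhoc
Info.plist entries=12
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=4
Internal requirements count=0 size=12
"""

# Constructed output for a properly Developer ID-signed app (made-up team).
DEVID_SAMPLE = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=5678 flags=0x10000(runtime) hashes=170+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Sep 2023 at 10:00:00
Info.plist entries=20
TeamIdentifier=ABCDE12345
Runtime Version=13.0.0
Sealed Resources version=2 rules=13 files=40
Internal requirements count=1 size=180
"""

UNSIGNED_SAMPLE = "Downloaded.app: code object is not signed at all\n"

if __name__ == "__main__":
    for label, text, rc in (("adhoc", ADHOC_SAMPLE, 0),
                            ("devid", DEVID_SAMPLE, 0),
                            ("unsigned", UNSIGNED_SAMPLE, 1)):
        print(label, parse_codesign(text, rc))
```

On a Mac, `check_app("/path/To.app")` gives the classification for a real bundle; `spctl --assess --type execute -v /path/To.app` then gives Gatekeeper's own verdict, which will reject an ad-hoc signed download unless the user has explicitly overridden it.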

Top Vulnerabilities Reported in the Last 24 Hours


Cisco patches critical vulnerability
Cisco has released patches for a critical severity vulnerability, CVE-2023-20238, in the BroadWorks calling and collaboration platform. The vulnerability could be exploited by attackers to forge credentials and access affected systems. Although the attacker would need a valid user ID associated with the affected BroadWorks system, the flaw has a CVSS score of 10.0. Cisco has also released patches for a high-severity denial-of-service (DoS) vulnerability in the Identity Services Engine (ISE), which impacts versions 3.1 and 3.2 of ISE.

Multiple flaws found in defunct Zavio security cameras
BugProve, an IoT firmware analysis platform provider, has disclosed numerous vulnerabilities in security cameras manufactured by the now-defunct Chinese company Zavio. More than 34 vulnerabilities affect various Zavio IP camera models, seven of which allow unauthenticated remote code execution with root privileges. Since the affected cameras will not receive patches, users were advised to replace them.

Top Scams Reported in the Last 24 Hours


Global investment fraud uncovered
A widespread investment fraud campaign that relies on social media advertising has been uncovered by researchers at Group-IB. Nearly 900 scam pages have been associated with this campaign, with 60% targeting users in the Middle East and Africa. Victims who click on the ads are directed to fake investment pages impersonating legitimate financial and insurance companies, among others. The scammers request personal information and bank details and use pressure tactics to push victims into handing over money.


 Tags

zavio
global investment scam
new mirai botnet
sabre
alexa device
digital set top box
atomic stealer
security cameras
cisco patches flaws
just kids dental

Posted on: September 07, 2023

