
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 20, 2023

Security experts have detected an uptick in cybercrime activity targeting Chinese speakers since early 2023, including the reappearance of a Gh0stRAT variant, dubbed Sainbox RAT, and the newly identified ValleyRAT. These campaigns employ lures and content in Chinese languages, with a focus on global organizations conducting business in China.

On the vulnerability side, users of GitLab’s Community Edition and Enterprise Edition, as well as of several Atos Unify products, have been urged to deploy the latest updates. Exploitation of the GitLab flaw could lead to unauthorized access to projects containing private code, while the bugs in Atos Unify products can be abused to gain root access over the appliance (if any low-privileged user credentials are known) and to reconfigure or backdoor the system with malware of the attacker’s choice.

Top Breaches Reported in the Last 24 Hours

Pizza Hut suffers customer data breach

Pizza Hut Australia fell victim to a cyberattack, resulting in the theft of customer data, including delivery addresses and order details. CEO Phil Reed disclosed that an "unauthorized third party" accessed the data in early September. While operations remain unaffected, the breach has affected approximately 193,000 customers, exposing their names, addresses, and contact information; for registered accounts, encrypted credit card details and passwords were also affected.

**No clue of damage at ICC**

The International Criminal Court (ICC) disclosed unusual activity in its network affecting its information systems and found signs of compromise. While specific details about the attack remain undisclosed, the extent of potential data theft or other damage also remains unclear. The ICC assured that, despite the intrusion, its priority is to ensure that the core work of the court continues. The court also announced additional measures to strengthen its cybersecurity posture.

**Criminals ensnare Kansas City**

A cyberattack has disrupted government email, phone, and online payment systems in Pittsburg, a city in Kansas with around 20,000 residents. The incident was discovered over the weekend, causing an IT outage that impacted several government systems. While city operations continue, it remains unclear whether this was a ransomware attack. No group has claimed responsibility for the incident.

Top Malware Reported in the Last 24 Hours

ValleyRAT and Gh0stRAT used against Chinese speakers

Proofpoint has identified a notable rise in cybercrime activity aimed at Chinese-speaking individuals, with ValleyRAT and a Gh0stRAT variant named Sainbox RAT targeting global organizations with Chinese operations. These are being distributed via Excel and PDF attachments containing URLs that lead to the malware. Researchers observed nearly 20 campaigns delivering Gh0stRAT since April. While the campaigns primarily concern Chinese-speaking users, one campaign has targeted Japanese organizations, suggesting potential expansion.

Fake PoC drops VenomRAT

Security researchers should be vigilant regarding threat actors repurposing older PoC exploit code to swiftly create fake PoCs for newly discovered vulnerabilities. An example of this practice was observed when an RCE vulnerability in WinRAR (CVE-2023-40477) was publicly disclosed on August 17; four days later, a threat actor posted a fake PoC script on GitHub. This fake PoC was based on publicly available PoC code for another vulnerability (CVE-2023-25157) in GeoServer and led to an infection chain culminating in the installation of a VenomRAT payload.

Top Vulnerabilities Reported in the Last 24 Hours

GitLab addresses sensitive flaw

GitLab has released critical security updates to address CVE-2023-5009, with a CVSS score of 9.6, affecting all GitLab Enterprise Edition versions before 16.2.7 and GitLab Community Edition versions before 16.3.4. This vulnerability allows an attacker to run pipelines as another user, bypassing a previous flaw (CVE-2023-3932) resolved in August 2023. The issue arises from scheduled security scan policies and requires no user interaction.
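The practical question for a defender reading this item is which instances still need the update. The script below is an added example, not code from the briefing or from GitLab: it parses GitLab version strings (with or without an `-ee`/`-ce` suffix) and compares them against the fixed releases exactly as the briefing states them (EE 16.2.7, CE 16.3.4). The inventory of hostnames and versions is constructed for the example; the thresholds should be confirmed against GitLab's own advisory before acting on the result.

```python
# Added example, not from the briefing or from GitLab: flag GitLab instances in a
# constructed inventory whose version is below the fixed release for CVE-2023-5009.
import re
from typing import Dict, List, Optional, Tuple

# Thresholds as the briefing states them: Enterprise Edition fixed in 16.2.7,
# Community Edition fixed in 16.3.4. Verify against GitLab's advisory before use.
FIXED_VERSION: Dict[str, Tuple[int, int, int]] = {
    "ee": (16, 2, 7),
    "ce": (16, 3, 4),
}


def parse_version(version: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Split a GitLab version string such as '16.2.6-ee' or '16.3.4' into
    ((major, minor, patch), edition) where edition is 'ee', 'ce' or None."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?\s*", version.lower())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    nums = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return nums, m.group(4)


def is_affected(version: str, edition: Optional[str] = None) -> bool:
    """True when the version is below the fixed release for its edition.

    The edition comes from the '-ee'/'-ce' suffix unless passed explicitly.
    When neither is available the higher CE threshold (16.3.4) is used, so an
    instance of uncertain edition is flagged rather than missed."""
    nums, suffix = parse_version(version)
    ed = (edition or suffix or "ce").lower()
    if ed not in FIXED_VERSION:
        raise ValueError(f"unknown GitLab edition: {ed!r}")
    return nums < FIXED_VERSION[ed]


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY: List[Dict[str, str]] = [
    {"host": "gitlab-a.example.internal", "version": "16.2.6-ee"},
    {"host": "gitlab-b.example.internal", "version": "16.2.7-ee"},
    {"host": "gitlab-c.example.internal", "version": "16.3.3-ce"},
    {"host": "gitlab-d.example.internal", "version": "16.3.4"},
    {"host": "gitlab-e.example.internal", "version": "15.11.2"},
]


def affected_hosts(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the hosts whose reported version still needs the update."""
    return [item["host"] for item in inventory if is_affected(item["version"])]


if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: update required for CVE-2023-5009")
```

Tuple comparison gives the correct ordering for versions such as 15.11.2 versus 16.3.4, which a plain string comparison would get wrong; that is the one place a version check of this kind usually goes astray.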

Atos Unify products need an upgrade

Two critical vulnerabilities in Atos Unify OpenScape products have been uncovered, which could potentially allow attackers to disrupt systems and gain unauthorized access. One vulnerability (CVE-2023-36618) can be exploited by authenticated attackers with low privileges to execute arbitrary PHP functions and operating system commands with root privileges. The other flaw (CVE-2023-36619) could be leveraged by unauthenticated attackers to access and execute scripts, potentially leading to DoS conditions or system configuration changes.

Trend Micro’s actively exploited flaw

Trend Micro has released patches and hotfixes to rectify a critical security vulnerability (CVE-2023-41179) in its Apex One and Worry-Free Business Security solutions for Windows. The flaw involves a third-party antivirus uninstaller module bundled with the software. Successful exploitation of the bug could lead to the execution of arbitrary commands. Trend Micro has observed at least one active exploitation attempt in the wild, emphasizing the importance of promptly applying the patches.
