Go to listing page

Cyware Daily Threat Intelligence, December 22, 2022

Cyware Daily Threat Intelligence, December 22, 2022

Share Blog Post

A new hybrid Android-cum-Windows-based malware threat campaign has infected thousands of banking customers in Brazil. The hackers spreading it, who are also the masterminds behind Windows banking malware Casbaneiro, have spun the new threat called BrasDex. In another malware incident, the quite active Play ransomware group was observed targeting Exchange servers via a new exploit chain, dubbed OWASSRF, that bypasses Microsoft’s security check for ProxyNotShell bugs.

The Ghost blogging platform was found laced with two security vulnerabilities, letting an unauthenticated user make unauthorized modifications to settings, expose confidential data, or even narrow down potential victims for next-stage phishing attacks.

Top Breaches Reported in the Last 24 Hours

The Guardian suffers ransomware attack
A ransomware attack interrupted several services at the top British news organization, The Guardian. The staff has been asked to work from home for the week. The firm has not shared any information about any possible ransom demand. Researchers added that the incident may have caused a broader impact than assumed.

Sports betting firm hit by a cyberattack
The personal and financial information of customers of BetMGM was obtained by a cybercrime group. Leaked data includes names, phone numbers, DoBs, SSNs, and transactional data. While the company took the wraps off of the incident, it did not comment on the number of customers impacted by the breach.

Top Malware Reported in the Last 24 Hours

BrasDex by Casbaneiro operators
Threat actors and developers of Windows banking malware Casbaneiro have launched another Android trojan, BrasDex. The malware targeted a set of Brazilian banking apps, as well as a highly capable Automated Transfer System (ATS) engine, as part of an ongoing multi-platform campaign. The malware boats a complex keylogging system designed to abuse Accessibility Services to steal credentials.

Zerobot botnet gets promoted
The Zerobot DDoS botnet can now take over more internet-connected devices and scale its infection network with a new round of updates. The new strain not only enhances its DDoS attack capabilities but also allows it to exploit two Apache bugs, namely CVE-2021-42013 and CVE-2022-33891. Microsoft Threat Intelligence Center (MSTIC) tracks the ongoing threat under the moniker DEV-1061.

Top Vulnerabilities Reported in the Last 24 Hours

OWASSRF by Play ransomware
Security analysts at CrowdStrike reported a new exploit method called OWASSRF that requires a hacker to abuse ProxyNotShell flaws (CVE-2022-41080 and CVE-2022-41082) in Microsoft Exchange servers. Through this, an attacker can pull off RCE attacks via Outlook Web Access (OWA). A deeper study into it led researchers to Play ransomware strains abusing the flaws in Exchange.

Ghost users 
Two security holes were found in the JavaScript-based blogging platform, Ghost. The first one, identified as CVE-2022-41654, is an authentication bypass bug that can allow unprivileged users to make unauthorized modifications to newsletter subscription settings. The other one, tracked as CVE-2022-41697, is an enumeration bug in the login functionality that could lead to a sensitive data leak.

Passwordstate bug risks user passwords
Click Studios patched seven types of vulnerabilities, including a critical API authentication bypass flaw, tracked as CVE-2022-3875, in its enterprise password manager Passwordstate. The vulnerability in the password manager could allow a threat actor to obtain users’ passwords, OTPs, and other secrets just through their usernames.

Top Scams Reported in the Last 24 Hours

Malicious ad scams proliferate
The FBI released an alert against cyber adversaries leveraging SEO techniques and search engine advertisements to rank their choice of websites to drop ransomware payloads or to extract login credentials for financial institutions and crypto exchanges. Scammers are impersonating legitimate businesses or services to lure victims into their traps.


click studios
the guardian
fbi warning
dev 1061
ad scams
ghost blogging platform
brazilian banking apps
play ransomware

Posted on: December 22, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite