
Cyware Daily Threat Intelligence, February 22, 2023

A critical injection vulnerability in VMware Carbon Black App Control is posing a threat to users in more than one way. Exploiting the flaw could give an attacker access to sensitive information or elevated privileges, and no workaround is available other than upgrading the product. Separately, researchers took the wraps off a botnet malware's latest activity. First detected in 2017, the MyloBot botnet has infected thousands of systems in four countries and can function as a downloader for additional malware or malicious tools.

There's everything wrong with 'Portugal' and 'Brazil'. These are the handles of two malware authors distributing malicious Python packages through the PyPI repository. The packages are built to exfiltrate sensitive data through platforms such as Telegram and Discord.

Top Breaches Reported in the Last 24 Hours


SMS phishing led to breach
American video game publisher Activision announced that it had suffered a data breach. According to vx-underground, a cybersecurity research group, the hackers exfiltrated sensitive workplace documents, including details of content yet to be released. The attackers reportedly gained access to an employee's Slack account via an SMS phishing text.

Washington city hit with ransomware
The notorious BlackCat ransomware group claims to have pilfered more than 250GB of data from the City of Lakewood, Washington. The group went on to urge parties who could bear the brunt of the breach to sue the municipality, and accused the city of failing to patch known vulnerabilities.

Top Malware Reported in the Last 24 Hours


MyloBot expands to four countries
BitSight uncovered an advanced botnet that has been able to compromise thousands of systems in the U.S., India, Indonesia, and Iran. Dubbed MyloBot, its infrastructure has connections to BHProxies, a residential proxy service. The highly sophisticated malware was first spotted in the wild in 2017 and is known for its anti-analysis techniques.

Zero-day attack against PyPI Index
FortiGuard Labs unearthed a zero-day attack by malware authors who published the PyPI packages 'xhttpsp' and 'httpssp'. Both packages were heavily obfuscated and contained functions named DiscordApi, ProcessHollowing, RemoteThreadInjection, TelegramApi, Inject, and HiddenStartup, names that point to data exfiltration over Discord and Telegram and to process injection.

Top Vulnerabilities Reported in the Last 24 Hours


Critical bug fixed in VMware Carbon Black App Control
VMware's Carbon Black App Control product was found vulnerable to a critical injection flaw tracked as CVE-2023-20858. The bug impacts App Control versions 8.7.x, 8.8.x, and 8.9.x; customers need to update to 8.7.8, 8.8.6, or 8.9.4 respectively, since no other workaround is available. Exploitation may lead to information disclosure or privilege escalation.
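Because the only mitigation is an upgrade, the practical question for a defender is which App Control servers in inventory still sit below the fixed build for their branch. The script below is an added example, not VMware's or Cyware's code: it encodes the affected branches and fixed versions exactly as stated in the item above (8.7.x to 8.7.8, 8.8.x to 8.8.6, 8.9.x to 8.9.4), treats any branch the advisory does not name as undetermined rather than safe, and runs over a constructed sample inventory; the host names and version numbers in that inventory are made up for illustration.

```python
"""Triage helper for CVE-2023-20858 in VMware Carbon Black App Control.

Added example, not VMware's or Cyware's own tooling. Affected branches and
fixed builds come from the advisory summary above; the sample inventory
(host names and versions) is constructed for illustration only.
"""
from __future__ import annotations

import re
from typing import Optional

# Fixed build for each affected branch, keyed by (major, minor).
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int]] = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}

# Constructed sample inventory: host -> reported App Control server version.
SAMPLE_INVENTORY: dict[str, str] = {
    "appc-prod-01": "8.9.2",   # below 8.9.4 -> needs upgrade
    "appc-prod-02": "8.9.4",   # already on the fixed build
    "appc-lab-01": "8.7.6",    # below 8.7.8 -> needs upgrade
    "appc-lab-02": "8.8.6",    # already on the fixed build
    "appc-old-01": "8.6.2",    # branch not named in the advisory -> undetermined
}


def parse_version(version: str) -> tuple[int, ...]:
    """Return the leading dotted numeric components, e.g. '8.8.5' -> (8, 8, 5).

    Trailing build suffixes such as '8.9.2-hotfix' are ignored; a string with
    no numeric prefix is rejected rather than silently treated as patched.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> Optional[bool]:
    """Classify one App Control version against CVE-2023-20858.

    Returns True when the version is on an affected branch and below the fixed
    build, False when it is at or above the fixed build, and None when the
    branch is not covered by the advisory (decide that case separately; do not
    assume it is safe).
    """
    parts = parse_version(version)
    if len(parts) < 2:
        raise ValueError(f"version needs at least major.minor: {version!r}")
    branch = (parts[0], parts[1])
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None
    patch = parts[2] if len(parts) > 2 else 0
    return (branch[0], branch[1], patch) < fixed


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each affected host to the version it must be upgraded to."""
    needs_upgrade: dict[str, str] = {}
    for host, version in inventory.items():
        if is_affected(version):
            branch = parse_version(version)[:2]
            target = FIXED_VERSIONS[(branch[0], branch[1])]
            needs_upgrade[host] = ".".join(str(p) for p in target)
    return needs_upgrade


def undetermined(inventory: dict[str, str]) -> list[str]:
    """Hosts whose branch the advisory does not name; they need manual review."""
    return [host for host, version in inventory.items() if is_affected(version) is None]


if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target}")
    for host in undetermined(SAMPLE_INVENTORY):
        print(f"{host}: branch not covered by advisory, review manually")
```

Replace SAMPLE_INVENTORY with an export from your asset register and the two lists give you the upgrade queue and the hosts that need a human decision. The three-way result (True/False/None) is deliberate: an unnamed branch such as 8.6.x is not evidence of safety, and a script that reported it as "not affected" would hide exactly the machines most likely to be forgotten.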

High-severity bugs added to KEV
CISA has added two Mitel MiVoice Connect vulnerabilities, CVE-2022-41223 and CVE-2022-40765, to its Known Exploited Vulnerabilities (KEV) catalog; both are being exploited in the wild, and federal agencies must remediate them by March 14. The agency also added an IBM Aspera Faspex bug that allows an attacker to execute arbitrary code.


Posted on: February 22, 2023
