Go to listing page

Cyware Daily Threat Intelligence, January 31, 2023

Cyware Daily Threat Intelligence, January 31, 2023

Share Blog Post

Proof-Of-Concept (POC) exploit is out! Malware could be on the way, a couple of CERTs have warned. The story is about a bug in KeePass that can be exploited to obtain usernames and passwords in plaintext, and a PoC exploit is doing the rounds. Meanwhile, TrickGate packer, which is now six years old, has once again been spotted in the wild. The shellcode-based packer is known for dropping malware from the “Most Wanted Malware” list. It managed to stay hidden for years by continually making improvements in different ways.

Sewio RTLS Studio has addressed nine flaws in its system that could culminate in an unauthorized user gaining access to escalate privileges and also remotely executing arbitrary code. These vulnerabilities are also tracked under CISA ICS Advisory ICSA-23-012-01. 

Top Breaches Reported in the Last 24 Hours

United Express carrier leaks No fly list
Swiss hacker Maia Arson Crimew found and reported a misconfigured AWS server of Ohio-based airline CommuteAir exposing Transportation Security Administration’s (TSA) No Fly list. Still, days after the patch, the data of around 1.8 million individuals were seen posted on a hacker forum. The TSA released an alert warning all U.S. airports and air carriers about having stringent cybersecurity protections.

Berlin hospital facility under attack
A ransomware attack crippled the networks of Atlantic General Hospital, Berlin. The attack knocked the network offline, causing an outage with limited patient care interruption. Unoperational services at this time include the hospital’s outpatient walk-in lab RediScripts. The exact cause of the attack is being investigated.

JD Sports revealed data breach
UK sports fashion chain JD Sports said it discovered unauthorized access to a server that was inadvertently left open. The database blob contained information related to online orders placed by 10 million customers between November 2018 and October 2020. The leaked data may include names, email addresses, delivery and billing addresses, contact details, and the last four digits of the customers’ payment cards.

Indianapolis Housing Agency
The personal data of over 200,000 people were collected by hackers in a ransomware attack, confirmed the Indianapolis Housing Agency. The exposed data include SSNs and other data of visitors. Employees were forced to work offline as they were locked out of email systems for days. The attack had begun in September 2022.

Top Malware Reported in the Last 24 Hours

Six-year-old malware propagator 
Experts at Check Point Research laid bare the secrets of a shellcode-based packer, dubbed TrickGate, assisting threat actors in deploying a range of malware such as TrickBot, Emotet, FormBook, Cerber, AZORult, Agent Tesla, Maze, and REvil. The malware stayed under the hood for six years owing to its transformative nature of undergoing changes periodically.

NikoWiper - the seventh wiper against Ukraine
Security experts at ESET discovered yet another wiper malware strain that was used by Russia-affiliated Sandworm APT group. Named NikoWiper, it was used in October 2022 against an energy sector company in Ukraine. The wiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files. Earlier this week, researchers reported at least six wiper malware used in a similar manner.

Top Vulnerabilities Reported in the Last 24 Hours

Bug exposes KeePass credentials
CERT teams of the Netherlands and Belgium uncovered a security hole in the open-source password manager KeePass. The flaw, tracked as CVE-2023-24055, can allow an attacker to export the database, including all usernames and passwords - in cleartext. The challenging part is that a PoC exploit for the same has already been shared online.

RCE flaw in QNAP patched
Taiwanese NAS device manufacturer QNAP fixed a critical security bug, tracked as CVE-2022-27596, affecting its devices. The bug—rated 9.8 on the CVSS scale—affects QTS 5.0.1 and QuTS hero h5.0.1. A hacker can send specially crafted SQL queries to bypass security controls of devices and later gain access to sensitive information.

Critical bugs haunt Sewio RTLS Studio users
Nozomi Networks Labs shared details of the vulnerabilities it disclosed in Ultra-wideband (UWB) Real-time Locating Systems (RTLS) at Black Hat USA. It discussed over nine flaws—four of which were critical—that concerned the RTLS Studio software from Sewio. These vulnerabilities allow an unprivileged attacker to alter data, trigger a DoS condition, escalate privileges, and do more harm.

Open5GS has a flaw
The Synopsys Cybersecurity Research Center (CyRC) reported a security hole in Open5GS, identified as CVE-2023-23846. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license. An attack on it may result in DOS conditions and excessive resource consumption.


maia arson crimew
qnap nas devices
atlantic general hospital
indianapolis housing agency
jd sports
sewio rtls studio

Posted on: January 31, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite