Cyware Daily Threat Intelligence, March 06, 2023

Mexicans are facing a new threat in the form of a new ATM malware dubbed FiXS. Security experts claim that threat actors can hijack the ATM keyboard or touchscreen and steal money from the machine 30 minutes after the last system reboot. Meanwhile, at least half-a-dozen law firms fell victim to GootLoader and SocGholish malware infections in the last two months in two separate campaigns. Hackers in these campaigns leveraged buggy WordPress sites and fake Chrome browser update pop-ups to infect victims.

Billions of devices are vulnerable to RCE attacks in the wake of security vulnerabilities in the reference library specification for the Trusted Platform Module (TPM) 2.0. TPM technology is embedded in devices ranging from specialized enterprise-grade hardware to IoT-enabled appliances.

Top Breaches Reported in the Last 24 Hours

Ransomware group leaks Oakland’s data
The Play ransomware gang dropped a 10 GB data trove in a RAR archive pertaining to the City of Oakland, California. The data dump allegedly contains confidential documents, passport data, and other employee information and IDs. Officials said they are keeping an eye on the leaks and will reach out to individuals whose personal information was compromised.

Ransomware hits Modesto police
A ransomware attack aimed at the Modesto Police Department, California, exposed personal information, such as SSNs and driver's license numbers, of some people. The department reportedly detected suspicious activity on its digital network on February 8 and disconnected itself from the rest of the city's network to contain the infection.

Africa’s startup investigating stolen funds
Africa’s largest startup by private valuation, Flutterwave, lost approximately $4.2 million from its accounts. In early February, cybercriminals rotated the stolen funds across 28 accounts in 63 transactions. The victim firm has sought to freeze accounts across 27 financial institutions that were used to misappropriate the funds. How the attack occurred remains unclear.

Top Malware Reported in the Last 24 Hours

Colour-Blind encourages cybercrime
Security researchers at Kroll laid bare a malicious PyPI package called Colour-Blind. The malware package is a fully-featured info-stealer RAT with a plethora of features and capabilities, including the theft of crypto wallet data. According to researchers, the malware "points to the democratization of cybercrime" to help adversaries develop their own variations based on the shared source code.

Six law firms, two malware families
Six different law firms were infected with GootLoader and FakeUpdates malware (aka SocGholish) in January and February 2023 in two different attack campaigns, revealed cybersecurity company eSentire. The GootLoader campaign abused vulnerable WordPress websites and added new blog posts as bait for downloading malware. The other malware spread through a business that provides notary public services to legal firms. The malware would nudge users for a fake browser update.

FiXS ATM malware targets Mexican banks
Security analysts at Metabase Q uncovered the new FiXS ATM malware that targets Mexican bank customers. Though the initial attack vector is unclear as of now, analysts have observed hackers using an external keyboard, as in Ploutus attacks. The FiXS malware releases money 30 minutes after the latest ATM reset, leveraging the Windows GetTickCount API.

Top Vulnerabilities Reported in the Last 24 Hours

Security holes in TPM 2.0 Library
Researchers at Quarkslab unveiled two bugs in the Trusted Platform Module (TPM) 2.0 reference library specification. The attacks could potentially lead to information disclosure or privilege escalation. The first bug, CVE-2023-1017, concerns an out-of-bounds write while the other bug, CVE-2023-1018, is an out-of-bounds read issue. Billions of internet-connected devices across different organizations are vulnerable to the threat.

Wago fixes high- and medium-severity bugs
German industrial automation solutions provider Wago released patches against four flaws in its programmable logic controllers (PLCs). These include a missing authentication flaw, identified as CVE-2022-45138, that can be abused to read and manipulate some device parameters, leading to a complete takeover of the controller. Another critical bug, CVE-2022-45140, enabled arbitrary code execution with a full system compromise.

Top Scams Reported in the Last 24 Hours

Hijacking traffic via adult lures
In a malicious campaign that began in September 2022, hundreds of thousands of East Asian users were redirected to adult-themed content. Hackers lured users via tens of thousands of compromised websites, which they gained access to using legitimate credentials for the sites' FTP endpoints (used for managing the web application). A major portion of the compromised websites belonged to small companies.

Posted on: March 06, 2023