Go to listing page

Cyware Daily Threat Intelligence, March 08, 2023

Cyware Daily Threat Intelligence, March 08, 2023

Share Blog Post

Emotet is back and spamming again! After staying dormant for three months, the notorious trojan has commenced a high-volume malspam campaign to infect devices worldwide. So watch out for any unsolicited emails that revolve around financial and fake invoice themes. Moving on, a Chinese cyberespionage campaign has gone undetected for months. Why? That’s because of a unique radio-silence feature enabled in a new version of the Soul malware framework. This lets the malware variant communicate with the C2 server only at the specified hours set by the attackers and remain silent for the rest of the time. The malware is currently being used to target high-profile government entities in Southeast Asia. 

There’s also a security update from Google for Chrome 111. Around 40 vulnerabilities, eight of which were high-severity flaws, have been addressed in the latest iteration of the browser. Some of these flaws impacting the browser components were stack buffer overflow vulnerability, use-after-free vulnerability, and a type confusion flaw. 

Top Breaches Reported in the Last 24 Hours

Acer confirms server intrusion
Acer confirmed that attackers broke into one of its servers and stole 160GB of confidential data. The stolen data has been put up for sale on dark web forums and includes 655 directories and 2,869 files related to presentations, staff technical manuals, product documents, Windows System Deployment Image, BIOS components, and ROM.   

Community College remains close
Northern Essex Community College in Massachusetts remained closed for the second day following a cyberattack on March 7. While the college is accessing the extent of the attack. the staff claimed that they do not have evidence of personal data being compromised. The law enforcement agency has been informed about it. 

Hospital Clínic de Barcelona targeted
The Hospital Clínic de Barcelona suffered an attack by the RansomHouse ransomware that disrupted its healthcare services. The incident has affected the emergency services of three medical centers associated with the healthcare system, including CAP Casanova, CAP Borrell, and CAP Les Corts. The restoration work is underway. 

Toyota’s CRM leaked data
A vulnerability in the Toyota 360 CRM platform allowed a security researcher to access the personal information of its customers in Mexico. The web app aggregates personal information, as well as purchase and service details of customers. Toyota fixed the issue as soon as it became aware. 

Top Malware Reported in the Last 24 Hours

Emotet is spamming again
After three months of inactivity, the Emotet trojan resumed its malspam campaign. The phishing emails include Zip files that are related to fake invoices and finances. As per the researchers, the operators are gathering new credentials from address books to drive the campaign. The Zip file contains Word documents that use Emotet’s ‘Red Dawn’ document template, prompting recipients to enable content to see it.

Soul malware upgraded
The Sharp Panda threat actor group is using a new version of Soul malware framework to target government organizations in Vietnam, Thailand, and Indonesia. The malware variant is active since 2022 and continues through 2023 as it employs a radio silence feature. This allows threat actors to specify hours for the backdoor not to communicate with the C2 server, which is a unique tactic to evade detection.  

Top Vulnerabilities Reported in the Last 24 Hours

CISA updates its KEV Catalog
CISA has added three new actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. They are CVE-2022-35914, CVE-2022-33891, and CVE-2022-28810. They affect GLPI software, Apache Spark, and Zoho ManageEngine AdSelfService Plus respectively. CISA has ordered federal agencies to apply security patches by March 28 as exploitation of these vulnerabilities can lead to remote code execution and command injection attacks.

Chrome 111 released with new updates
A stable version of Chrome 111 has been released by Google. This includes patches for 40 vulnerabilities, including eight high-severity flaws. The resolve medium-severity flaws are related to implementation issues in permission prompts, heap buffer overflow, use-after-free vulnerability, and autofills. The patches have been rolled out in versions 111.0.5563.64/.65 for Windows and in version 111.0.5563.64 for Linux and macOS.


use after free vulnerability
chrome 111
stack buffer overflow vulnerability
soul malware framework
hospital clinic de barcelona

Posted on: March 08, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite