
Cyware Daily Threat Intelligence, March 15, 2023


Exposed Kubernetes clusters are under attack by cryptojackers, but this particular campaign is unusual. For the first time, crims have attempted to mine the Dero currency, and they go about it differently: the attackers do not move laterally or scan the internet to discover more hosts, but deploy a DaemonSet that mines Dero while camouflaged as common Kubernetes log names. Moving on, Microsoft has addressed dozens of vulnerabilities haunting Windows users. It has flagged two vulnerabilities that attackers are scanning for in the wild; one of them is exploited to drop the Magniber payload on compromised systems.

Know why SAP products make good targets for threat actors? Because they are widely utilized by large enterprises worldwide. The ERP giant has issued updates for 19 security holes, including two 9.9-rated bugs, in its monthly release.

Top Breaches Reported in the Last 24 Hours

Ring (Amazon) suffered a ransomware attack
BlackCat (aka ALPHV) ransomware actors claimed a successful intrusion on Amazon-owned home security company Ring. Malware research organization VX-underground disclosed the news, noting that the gang wrote: “There's always the option to let us leak your data.” The actors have threatened to publish the stolen data if their ransom demands are not met.

Data lay exposed for over 18 months
Top aviation firm Safran Group, according to the Cybernews research team, was exposing critical data via a publicly available environment file hosted on the open-source video-conferencing app Jitsi Meet. The incident occurred due to a misconfiguration and exposed the data for nearly a year and a half. 

U.K.’s largest state boarding school targeted
A sophisticated hacking incident has hit Wymondham College, U.K., which houses just over 1,200 students. An official has said, “A number of the College’s systems have been impacted, including access to some files and resources.” No further information on the nature of the attack is available; however, the school did not receive any ransom demand.

Top Malware Reported in the Last 24 Hours

Cryptojacking via Dero currency
Attackers mining digital assets via others’ infrastructure seem to have found a new boost with the Dero cryptocurrency, CrowdStrike revealed. Since February, the operation has reportedly launched attacks against the Kubernetes environment of three U.S.-based servers. Threat actors potentially deployed over 4,000 miner instances during this campaign.

Malware abuses Microsoft zero-day
Cyber adversaries were found abusing a zero-day in the Microsoft SmartScreen security feature to drop the Magniber ransomware. They abused CVE-2023-24880 to deliver specially crafted MSI files. Almost 80% of the more than 100,000 malicious MSI file downloads, in recent campaigns, were linked to potential users in Europe.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 80 vulnerabilities
Microsoft issued patches for 80 security issues in its recent Patch Tuesday release, including two flaws that are under active exploitation in the wild. Flaws under active exploitation are CVE-2023-23397 and CVE-2023-24880. The former can be abused to evade Mark-of-the-Web (MotW) protections. Eight of the 80 defects were classified as Critical, 71 as Important, and one as Moderate.

SAP releases product updates
Software vendor SAP rolled out updates for 19 security flaws, with five highly severe flaws concerning users of SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver. CVE-2023-25616, CVE-2023-23857, CVE-2023-27269, CVE-2023-27500, and CVE-2023-25617 are the critical ones. Besides, SAP fixed four high-severity and ten medium-severity security issues.



Posted on: March 15, 2023
