Cyware Daily Threat Intelligence, November 04, 2022

A new Group-IB report has shed light on the OPERA1ER threat group, which stole at least $11 million in approximately 30 attacks in Africa. It targeted banks, financial services, and telecommunications companies. With three ICS vulnerability advisories, CISA is urging users to address multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. These bugs expose user systems to threats ranging from sensitive information exposure and file access to arbitrary code execution and the planting of malicious code by attackers.

More bugs were reported in the past 24 hours, with Cisco and Splunk Enterprise releasing updates for their affected products. A majority of them are critical security issues that organizations must patch as a priority.

Top Breaches Reported in the Last 24 Hours

French-speaking hackers loot $11 million
According to Group-IB, French-speaking hacking group OPERA1ER conducted at least 30 cyberattacks against financial and telecom firms and services in Africa. In those attacks, hackers swindled no less than $11 million. The operators had developed a vast network to withdraw stolen cash.

Criminals target Boeing subsidiary
The website of Jeppesen, an American firm offering navigational information and other operation tools, displayed a breach notification after the company was hit by a cyberattack. The wholly-owned Boeing subsidiary experienced some flight planning disruptions. However, the scope of the impact is yet to be determined.

LockBit claims German automotive firm
German multinational automotive parts manufacturer Continental was added to the leak site of the LockBit ransomware group. The group has threatened to publish all the available data if the negotiation doesn’t go well. It has set a deadline of November 4 for the ransom payment.

Top Malware Reported in the Last 24 Hours

RomCom RAT’s new campaign
The operators behind RomCom RAT were observed imitating the official websites of popular software brands to distribute malware in a new campaign. It reportedly targeted SolarWinds Network Performance Monitor (NPM), PDF Reader Pro, KeePass password manager, and Veeam Backup and Recovery software websites, stated Palo Alto Networks’ Unit 42.

Top Vulnerabilities Reported in the Last 24 Hours

CISA advisory for ICS bugs
CISA released three ICS advisories regarding multiple vulnerabilities in software from ETIC Telecom, Delta Industrial Automation, and Nokia. The most critical was a set of three bugs in ETIC Telecom's Remote Access Server (RAS). Delta Industrial Automation's DIALink products were affected by a path traversal flaw. Meanwhile, three bugs were identified in Nokia's ASIK AirScale 5G Common System.

Cisco addresses multiple bugs
Multiple vulnerabilities in Cisco products, including those labeled high-severity, received a fix. The most severe, tracked as CVE-2022-20961, is a cross-site request forgery (CSRF) flaw in Identity Services Engine (ISE). Another one, assigned CVE-2022-20956, is an authorization bypass flaw that could allow attackers to download and delete files.

Splunk quarterly patch out
A new set of quarterly patches was issued by Splunk Enterprise, addressing nine high-severity security holes. Three of those, with a CVSS score of 8.8, are a remote code execution (RCE) bug, a reflected cross-site scripting (XSS) bug, and an XML external entity (XXE) injection. All bugs have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2.


Posted on: November 04, 2022
