Go to listing page

Cyware Daily Threat Intelligence, October 31, 2022

Cyware Daily Threat Intelligence, October 31, 2022

Share Blog Post

New data wiper alert! Dubbed Azov Ransomware, the new wiper attempted to portray itself as the work of different cybersecurity experts. Researchers and organizations in the foray include MalwareHunterTeam, BleepingComputer, Lawrence Abrams, Michael Gillespie, and Vitali Kremez. Moreover, an anonymous security researcher helped Apple address an actively exploited out-of-bounds write bug concerning iOS and iPadOS. Besides, the tech giant also fixed six bugs affecting the kernel and some hitting Core Bluetooth, iOS Sandbox, and graphics and GPU drivers.

That’s not all! An independent security researcher notified of a severe flaw in Samsung’s Galaxy Store. If exploited, an attacker could download and install malicious apps of their choice on as many Samsung devices.

Top Breaches Reported in the Last 24 Hours

Metal manufacturing firm targeted
Hong Kong-based precision metal manufacturing firm Asahi Group Company Limited allegedly suffered a ransomware attack by BlackByte. The gang claimed to have pilfered gigabytes of confidential documents from the victim firm. It is reportedly offering the stolen data for $500,000 and asking $600,000 from the firm to delete the stolen data.

Hackers hit German copper producer
Europe's largest copper producer Aurubis had to shut down its IT systems in the wake of a cyberattack. So far, all the observed details point toward a ransomware attack, however, Aurubis has not provided any details. The firm is unsure about when all of its systems will be back and running normally.

Breach at New Zealand airline
Cybercriminals carried out credential-stuffing attacks against Air New Zealand to access and harvest customers’ account data. An official pointed out that adversaries couldn’t compromise any of its systems, but affected only individual accounts. Meanwhile, the airline has urged customers to change their credentials before using the Airpoints system again and modify related account passwords.

Top Malware Reported in the Last 24 Hours

Azov Ransomware wiper
A new data wiper strain, dubbed Azov Ransomware, has debuted recently. It is being distributed through pirated software, key generators, and adware bundles. In the ongoing campaign, the wiper operators try to frame some renowned security groups and researchers. The wiper appears to have borrowed its name from the Ukrainian Azov Regiment.

Top Vulnerabilities Reported in the Last 24 Hours

ConnectWise bug patch
ConnectWise issued security updates to address a critical flaw in the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions. Affected software versions include ConnectWise Recover v2.9.7 or earlier and R1Soft SBM v6.16.3 or earlier. Shodan scan has found over 4,800 vulnerable R1Soft servers exposed to the threat.

RCE flaw in Samsung’s store app
The Galaxy Store app for Samsung devices was discovered hosting an RCE vulnerability. The now-patched bug impacted Galaxy Store version The issue relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links configured for Samsung's Marketing & Content Service (MCS). It opens up a scenario for hackers to inject arbitrary code into the MCS website, leading to its execution.

Apple fixes an out-of-bounds write issue
??Apple has patched an actively abused bug for iOS and iPad OS. The out-of-bounds write issue involved adding data past the end or before the beginning of a buffer. Apple issued patches for iOS 16.1 and iPad OS 16 to address this and 19 other security holes. Six of the vulnerabilities involved the kernel, while some affected Core Bluetooth, graphics and GPU drivers, or the iOS Sandbox.


ios bug
air new zealand
asahi group company limited
ipad os
azov ransomware
out of bounds write bug
galaxy store
connectwise recover
credential stuffing attack

Posted on: October 31, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite