Updated: Jan 2
A phishing campaign disguised as alerts from representatives of Ukrainian government agencies is targeting organisations in Ukraine to steal confidential data. It drops the DolphinCape malware, which harvests system information, runs executable files and takes screenshots of compromised devices. Separately, a zero-day flaw in Citrix ADC and Gateway is being exploited by a threat actor believed to be operating on behalf of Chinese interests; so far only a small number of targeted attacks have been identified.
Microsoft's final Patch Tuesday of the year addressed 49 vulnerabilities, six of them rated Critical and all six remote code execution (RCE) flaws. One bug already exploited in the wild is a Windows SmartScreen security feature bypass.
Top Breaches Reported in the Last 24 Hours
Payment processor exposed sensitive information
Website Planet discovered an open, unprotected database belonging to Cornerstone Payment Systems, a California-based credit card processing company. The database held over 9 million transaction records, including personally identifiable information and credit card details of merchants and payees. The researchers warned that data of this kind could be used for fraud against the individuals and merchants it describes.
Municipalities in Sweden are being targeted.
A cyberattack hit the Swedish municipalities of Borgholm and Mörbylånga. An intrusion was discovered in the two municipalities' shared IT system, and both took their systems offline in response. The nature of the incident has not yet been disclosed; more information is awaited.
Attack on a hospital in California
San Gorgonio Memorial Hospital in Riverside County, California, suffered a data breach that exposed patients' sensitive personal and medical information. According to the notice it issued, an unauthorised third party gained access to the hospital's network. The number of people affected is not yet known.
Top Malware Reported in the Last 24 Hours
DolphinCape dropped by phishing campaign
A series of phishing attacks against Ukrainian government agencies and the state railway was found to drop DolphinCape, a malware family written in Delphi. CERT-UA tracks the group behind the campaign as UAC-0140. Phishing remains the most common initial access vector in cyberattacks against Ukraine, accounting for roughly 60-70% of all incidents.
WordPress sites are scanned by GoTrim.
GoTrim, a new Go-based botnet, brute-forces administrator passwords to take over self-hosted WordPress and OpenCart sites. A compromised site can then be used to distribute additional malware or to host card-skimming code. Fortinet researchers, who first analysed the malware, documented its capabilities.
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft addresses nearly 50 flaws.
In its final Patch Tuesday of 2022, Microsoft released patches for 49 vulnerabilities, including two zero-days. By category they break down as RCE, privilege escalation, security feature bypass, information disclosure, denial of service and spoofing flaws (reported counts: 23, 19, 2, 3, 3 and 1 respectively). Six of the 49 were rated 'Critical', all of them RCE flaws.
Apple issues ten advisories.
Apple published ten security advisories for its products, including a fix for a zero-day exploited in attacks against iPhone users. The flaw, CVE-2022-42856, is a type confusion bug in the WebKit browser engine; processing a maliciously crafted web page can lead to arbitrary code execution.
Citrix bug abuse is highlighted by the NSA.
The National Security Agency (NSA) assesses that APT5 has been actively exploiting a zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. CVE-2022-27518 allows an unauthenticated remote attacker to execute arbitrary code on an affected appliance. Citrix ADC and Citrix Gateway 13.1 are not affected; for the affected 13.0 and 12.1 branches, Citrix's advisory notes that an appliance is only vulnerable when it is configured as a SAML service provider (SP) or SAML identity provider (IdP), which can be checked by looking for 'add authentication samlAction' or 'add authentication samlIdPProfile' in ns.conf.
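As an added example (not code from Citrix or the NSA), the following Python script encodes that exposure check: it parses the appliance version string, looks for the two SAML configuration commands in an ns.conf excerpt, and reports whether the box is patched, unaffected, or exposed. The fixed build numbers (13.0-58.32 and 12.1-65.25) are taken from Citrix advisory CTX474995 and should be confirmed against the advisory; the 12.1-FIPS and 12.1-NDcPP builds have their own threshold and are not handled here. The ns.conf excerpt is constructed for the example.

```python
import re

# Minimum patched builds per branch, per Citrix advisory CTX474995 (assumption:
# verify against the advisory before relying on these values).
FIXED_BUILDS = {
    "13.0": (58, 32),
    "12.1": (65, 25),
}

# Branches the advisory lists as not affected.
UNAFFECTED_BRANCHES = {"13.1"}

# ns.conf commands that mean the appliance acts as a SAML SP or SAML IdP.
SAML_MARKERS = {
    "add authentication samlAction": "SP",
    "add authentication samlIdPProfile": "IdP",
}


def parse_version(version: str):
    """Split a Citrix version string such as '13.0-58.30' into ('13.0', (58, 30))."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def saml_roles(ns_conf: str):
    """Return the set of SAML roles ('SP', 'IdP') configured in an ns.conf text."""
    roles = set()
    for line in ns_conf.splitlines():
        stripped = line.strip()
        for marker, role in SAML_MARKERS.items():
            if stripped.startswith(marker):
                roles.add(role)
    return roles


def assess(version: str, ns_conf: str) -> str:
    """Classify an appliance against CVE-2022-27518 from its version and config."""
    branch, build = parse_version(version)
    roles = saml_roles(ns_conf)
    if branch in UNAFFECTED_BRANCHES:
        return "not affected"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown branch"
    if build >= fixed:
        return "patched"
    if not roles:
        return "vulnerable build, SAML not configured"
    return "exposed (" + ", ".join(sorted(roles)) + ")"


# Constructed ns.conf excerpt: a 13.0 appliance acting as a SAML SP.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.5 -netmask 255.255.255.0
add authentication samlAction idp_okta -samlIdPCertName okta_cert -samlRedirectUrl "https://idp.example/sso"
add authentication Policy saml_pol -rule true -action idp_okta
"""

if __name__ == "__main__":
    for ver in ("13.0-58.30", "13.0-58.32", "12.1-65.25", "13.1-33.47"):
        print(ver, "->", assess(ver, SAMPLE_NS_CONF))
```

Run the script against the real ns.conf (exported with `show ns runningConfig` or copied from /nsconfig/ns.conf) and the version from `show ns version`; a result of "exposed" means patch immediately and review SAML-related logs for abuse.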
Patch Tuesday updates from SAP
As part of its December 2022 Security Patch Day, SAP released 14 new and five updated security notes. The most serious, with a CVSS score of 10.0, covers updates for the Chromium-based browser control in SAP Business Client. Another note addresses a flaw in the SAP BusinessObjects server that lets an attacker with operating-system-level access replace any file on the server, though only with regular files.
SPNEGO NEGOEX bug upgraded to 'Critical'.
Microsoft has reclassified CVE-2022-37958, a flaw in the Windows SPNEGO Extended Negotiation (NEGOEX) security mechanism, as 'Critical' after IBM Security X-Force showed it allows pre-authentication remote code execution. Because NEGOEX is used by any Windows service that negotiates authentication via SPNEGO, including SMB and RDP, the bug affects a variety of protocols and is potentially wormable.