Updated: Jan 2
Thousands of Brazilian banking customers have been infected in a new hybrid Android/Windows malware campaign. The actors behind it, who also operate the Windows banking malware Casbaneiro, have created a new threat called BrasDex. In another malware incident, the highly active Play ransomware group was seen targeting Exchange servers using a new exploit chain known as OWASSRF, which bypasses the mitigations Microsoft issued for the ProxyNotShell bugs.
The Ghost blogging platform was found to contain two security flaws that allow an unauthenticated user to make unauthorised changes to settings, expose confidential data, and even narrow down potential victims for follow-on phishing attacks.
Top Breaches Reported in the Last 24 Hours
The Guardian is the victim of a ransomware attack.
A ransomware attack disrupted several services at The Guardian, the leading British news organisation. The employees have been asked to work from home for the next week. The company has not disclosed any information about a potential ransom demand. Researchers added that the incident may have had a broader impact than previously thought.
A cyberattack has hit a sports betting company.
A cybercrime group obtained personal and financial information from BetMGM customers. Names, phone numbers, DOBs, SSNs, and transactional data have all been leaked. While the company announced the incident, it did not say how many customers were affected by the breach.
Top Malware Reported in the Last 24 Hours
Casbaneiro operators' BrasDex
The threat actors behind the Windows banking malware Casbaneiro have released BrasDex, an Android trojan. As part of an ongoing multi-platform campaign, the malware targets a number of Brazilian banking apps and carries a highly capable Automated Transfer System (ATS) engine. It also includes a complex keylogging system that abuses Android Accessibility Services to steal credentials.
The Zerobot botnet receives an upgrade.
With a new round of updates, the Zerobot DDoS botnet can now take over more internet-connected devices and expand its infection network. The new strain improves its DDoS attack capabilities and adds exploits for two Apache bugs, CVE-2021-42013 and CVE-2022-33891. The ongoing threat is tracked by the Microsoft Threat Intelligence Center (MSTIC) as DEV-1061.
Top Vulnerabilities Reported in the Last 24 Hours
Play ransomware's OWASSRF exploit
CrowdStrike security analysts reported a new exploit method, dubbed OWASSRF, in which an attacker exploits the ProxyNotShell flaws (CVE-2022-41080 and CVE-2022-41082) in Microsoft Exchange servers to achieve RCE via Outlook Web Access (OWA). A deeper investigation revealed that Play ransomware operators were exploiting these Exchange flaws.
Passwordstate bug risks user passwords
Click Studios patched seven vulnerabilities in its enterprise password manager Passwordstate, including a critical API authentication bypass flaw identified as CVE-2022-3875. The vulnerability could allow a threat actor to obtain users' passwords, OTPs, and other secrets simply by knowing their usernames.
Top Scams Reported in the Last 24 Hours
Malicious ad scams proliferate
Ad fraud is on the rise.
The FBI issued a warning about cyber adversaries who use SEO techniques and search engine advertisements to rank their preferred websites in order to drop ransomware payloads or extract login credentials for financial institutions and cryptocurrency exchanges. Scammers pose as legitimate businesses or services in order to lure victims into their traps.