The number of samples detected has increased significantly since the SpyNote spyware developer made their source code public, according to ThreatFabric experts. The malware authors have also started a new spyware project, which could become a paid application and thus a future threat. In a phishing campaign targeting Ecuador-based organizations, a modified variant of QuasarRAT was discovered. The emails in the campaign purported to be from Colombian government officials. Moving on, Fortinet and Zoho disclosed major flaws with 'high' severity ratings in their applications. While the Zoho bug has been fixed, Fortinet customers are advised to upgrade to the new versions as they become available. The threat of ProxyNotShell is far from over. Nearly 60,000 Exchange servers were found to be still vulnerable to CVE-2022-41082, one of the two ProxyNotShell flaws. Nonetheless, the number of unpatched servers has decreased (albeit marginally) since mid-December. In terms of security flaws, Qualcomm released patches to address five issues that affect some Lenovo models; the bugs could be exploited to expose sensitive data and cause memory corruption.
The ASEC team also revealed a new threat to the malware landscape. Researchers discovered a new malware downloader based on the shell script compiler (shc) that could install an XMRig miner on compromised systems.
Top Threat Intelligence Cybersecurity Breaches Reported in the Last 24 Hours
Slack source code repo accessed
Hackers gained access to Slack's private GitHub code repositories over the holidays, according to the company. Adversaries used stolen employee tokens to gain access to its externally hosted repositories. Slack's primary codebase and customer data, on the other hand, are unaffected.
AWS storage leak incident
Over 100,000 private customer records and admin credentials were exposed due to an unprotected AWS instance at Cricketsocial[.]com, an online cricket community. While the majority of it appeared to be test data, security experts confirmed that the personally identifiable information of legitimate site users was also compromised. The database also exposed the plaintext credentials of a website administrator, which could lead to an account takeover attack.
Twitter data up for sale
A data set containing the email addresses of 200 million Twitter users was leaked by a hacker. This set is said to be a subset of the same 400 million-record set that circulated in November, but it has been cleaned up for duplicates. Experts at BleepingComputer have confirmed that it contains duplicates as well.
CircleCI new breach warning
CircleCI, a software development company, disclosed unauthorised network access by unknown individuals. It has advised users to rotate all secrets stored in CircleCI, including those stored as project environment variables or contexts. API tokens used in projects have been invalidated, and users must replace them. According to email notifications received by CircleCI users, the company states it is currently investigating a security incident.
Deezer exposes data of 200 million users
RestorePrivacy first reported on a massive breach at music-streaming service Deezer. The hack, however, is said to have occurred in 2019 at one of Deezer's third-party service providers. The incident exposed the personal information of over 200 million users.
LockBit hits Wabtec Corporation
Wabtec Corporation, a rail and locomotive company based in the United States, revealed a data breach caused by the LockBit ransomware. The company confirmed the leak of sensitive data, which was later posted on the threat actor's leak site. After the extortion attempt failed, the hackers also published a link to the stolen data.
Volvo Cars reported network intrusion
On a hacker forum, a hacker is selling data stolen from Swedish automaker Volvo Cars. The company was the victim of a ransomware attack launched by the Endurance ransomware group in November of last year. The actor is selling the data to interested buyers for $2,500 in Monero cryptocurrency.
Top Threat Intelligence Cybersecurity Malware Reported in the Last 24 Hours
New SpyNote variant detected
SpyNote spyware is back with an upgraded version to continue targeting financial institutions. The Android malware boasts a wide range of capabilities, from installing arbitrary apps to intercepting SMS messages and calls. Malware actors have impersonated Deutsche Bank, Kotak Mahindra Bank, HSBC U.K., and Nubank in these campaigns.
Blind Eagle uses QuasarRAT
In a new campaign involving a version of QuasarRAT, APT-C-36, aka Blind Eagle, is targeting Ecuador-based organisations. In phishing emails, the threat group has impersonated the Colombian government and attached malicious documents or malicious links.
Top Threat Intelligence Cybersecurity Vulnerabilities Reported in the Last 24 Hours
Thousands of Exchange servers are vulnerable
Researchers revealed that approximately 60,000 Exchange servers have yet to be patched against the infamous RCE vulnerability CVE-2022-41082, aka the ProxyNotShell bug. Successful exploitation allows adversaries to escalate privileges and execute arbitrary code on compromised servers.
Multiple bugs in Qualcomm chips
Five bugs in Qualcomm chipsets were discovered by researchers, and they also affect Lenovo ThinkPad X13s laptops. The bugs, CVE-2022-40516 through CVE-2022-40520, involve memory corruption and information disclosure due to buffer over-read in Core. Lenovo has issued BIOS updates to address the bugs.
Patch your Fortinet appliance
A critical bug was discovered that affected multiple versions of the FortiADC application delivery controller. The vulnerability, identified as CVE-2022-39947, could allow for arbitrary code execution attacks. Meanwhile, Zoho advised its Access Manager Plus, PAM360, and Password Manager Pro customers to upgrade to the most recent versions due to a SQL injection bug, CVE-2022-47523.
Bugs in vehicle systems
Security researcher Sam Curry and colleagues discovered several flaws in vehicles made by top manufacturers such as Kia, Honda, Infiniti, Nissan, Acura, Rolls Royce, Ferrari, Ford, Mercedes-Benz, Genesis, BMW, Porsche, Toyota, Jaguar, and Land Rover. These flaws could be exploited to perform malicious actions such as unlocking or tracking cars.