Top Breaches Reported in the Last 24 Hours
Killnet takes down U.S. airports
The websites of several major airports in the United States were targeted by the Russian threat actor group KillNet. Travelers appear to have encountered difficulties connecting to and receiving updates about their scheduled flights, as well as using any other airport services. While ATL and LAX websites are nearly inaccessible, other airports returned database connection errors.
Top Malware Reported in the Last 24 Hours
New ‘Creep’ malware series
The POLONIUM espionage group, according to ESET, has been using four new never-before-seen backdoors: TechnoCreep, FlipCreep, MegaCreep, and PapaCreep. While some of the 'Creep' malware backdoors used cloud services for C2 servers, such as Dropbox, OneDrive, and Mega, others used standard TCP connections to remote C2 servers or got commands to run from files hosted on FTP servers. The most recent one was discovered in September, and it is the first one written in C++ by the hacker group.
New tactics by IcedID malware
IcedID malware's distribution and delivery methods have been observed to improve, with its operators apparently testing which approaches work best against different targets. In its latest development, the malware communicates with its C2 through a proxy over HTTPS and downloads additional payloads as directed by its operators. IcedID began as a modular banking trojan in 2017 but has since evolved into a malware dropper.
Mandiant discovers Caffeine service
Threat actors were observed using Caffeine, a shared PhaaS platform, against Mandiant Managed Defense customers in an attempt to steal their Office 365 account credentials. The platform encourages new users to start their own phishing campaign. Caffeine also provides phishing templates aimed at Russian and Chinese platforms, as opposed to other PhaaS platforms that focus on the West.
Top Vulnerabilities Reported in the Last 24 Hours
Hidden DNS resolvers are dangerous.
SEC Consult, an application security firm, warned that hidden DNS resolvers could be used to perform email redirection and account takeover attacks. An outsider can exploit web application functionality to easily attack closed resolvers. Using a cache poisoning attack, it is possible to manipulate the DNS name resolution of closed DNS resolvers.
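Cache poisoning succeeds when a resolver caches a forged reply it should have discarded, so the defensive side of this item is the set of checks a resolver applies before accepting an answer: the reply must arrive on the port the query left from, carry the same transaction ID, echo the same question, and contain only records within the bailiwick of the zone being queried. The following is an added example written for this briefing, not code from SEC Consult or any resolver; it builds a DNS query and a few constructed replies (documentation IP addresses, made-up transaction ID and port) and shows which ones the checks reject. Treat the names and values as constructed, and note that a real resolver also randomizes the port and ID rather than taking them as parameters.

```python
import struct

A, IN = 1, 1  # record type A, class IN


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off, depth=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    if depth > 10:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr, depth + 1)
            rest = [] if tail == "." else [tail.rstrip(".")]
            return ".".join(labels + rest) + ".", off + 2
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_rr(name, rtype, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, IN, ttl, len(rdata)) + rdata


def build_query(txid, qname):
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return hdr + encode_name(qname) + struct.pack("!HH", A, IN)


def build_response(txid, qname, answers=(), additional=()):
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, len(additional))
    return hdr + encode_name(qname) + struct.pack("!HH", A, IN) + b"".join(answers) + b"".join(additional)


def parse_message(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name.lower(), qtype, qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append((section, name.lower(), rtype, msg[off:off + rdlen]))
            off += rdlen
    return {"txid": txid, "flags": flags, "questions": questions, "records": records}


def in_bailiwick(name, zone):
    """True if name is the zone apex or lies beneath it."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def validate_reply(query, query_port, reply, reply_port, zone):
    """Checks a resolver makes before caching a reply; returns (accepted, reason)."""
    q, r = parse_message(query), parse_message(reply)
    if reply_port != query_port:
        return False, "port mismatch"
    if r["txid"] != q["txid"]:
        return False, "txid mismatch"
    if not r["flags"] & 0x8000:
        return False, "not a response"
    if r["questions"] != q["questions"]:
        return False, "question mismatch"
    for section, name, _rtype, _rdata in r["records"]:
        if not in_bailiwick(name, zone):
            return False, f"out-of-bailiwick {section} record for {name}"
    return True, "ok"


def demo():
    """Constructed scenarios (not captured traffic): one genuine reply, three forged ones."""
    txid, port, zone = 0x4A3F, 51234, "example.net."  # constructed identifiers
    query = build_query(txid, "www.example.net")
    answer = build_rr("www.example.net", A, 300, bytes([192, 0, 2, 10]))
    legit = build_response(txid, "www.example.net", answers=[answer])
    # Forgery that guessed the transaction ID wrong.
    wrong_id = build_response(txid ^ 0x0001, "www.example.net", answers=[answer])
    # Forgery with the right ID that smuggles a record for a name outside the queried zone.
    poison = build_response(txid, "www.example.net", answers=[answer],
                            additional=[build_rr("login.bank.example", A, 86400, bytes([198, 51, 100, 7]))])
    return {
        "legit": validate_reply(query, port, legit, port, zone),
        "wrong_id": validate_reply(query, port, wrong_id, port, zone),
        "wrong_port": validate_reply(query, port, legit, port + 1, zone),
        "poison": validate_reply(query, port, poison, port, zone),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:10s} -> {result}")
```

The port and ID checks are what make blind forgery expensive (the attacker must guess both); the bailiwick check is what stops a reply for one name from planting records for an unrelated domain, which is the mechanism behind the email redirection SEC Consult describes.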
Seven high-severity RCE flaws
Horner Automation's Cscape product was discovered to be laced with seven critical vulnerabilities, which the vendor has addressed in two stages. Out-of-bounds read/write, heap-based buffer overflow, and uninitialized pointer issues caused by improper validation of user-supplied data when the application parses fonts are all examples of these bugs.
Android’s security update patches 50 bugs
Google released security updates for Android in October 2022 that addressed approximately 50 flaws. CVE-2022-20419, a high-severity vulnerability in the Framework component, is one of them. It is an information disclosure bug that could allow an unauthenticated user to escalate privileges without requiring additional execution privileges.