This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Why play catch up when you can fix it now?
Check out our Threat Intelligence Podcast featuring Top Three Threats of the Week!
Trending Threats
Vulnerabilities to Watch Out For
Trending Threats
Miuuti’s Campaign Against the Gaming Industry
Miuuti Group has recently set its sights on the gaming industry. Since 2015 the group has exploited multiple zero-day vulnerabilities to infiltrate communication software. In recent years, however, it has used two zero-day vulnerabilities to attack several gaming companies – one without an assigned CVE and CVE-2021-21220. The first vulnerability allows direct execution of arbitrary code, so attackers can gain a foothold inside the gaming company and move laterally from there.
CVE-2021-21220 enables asar hijacking, which leads to remote code execution and eventually to takeover of the command center. Both vulnerabilities have been fixed by the respective vendors.
Such attacks are usually made possible by gaming software downloaded from third-party sources. Gamers need to ensure that they download only legitimate versions of online games.
Malware Affecting macOS in 2022
A recent report details the malware that impacted macOS in 2022. Given below are the details of the malware:
| Malware Name | Description | Month of Origin | CVEs Associated |
|---|---|---|---|
| SysJoker | A simple cross-platform backdoor with download and execute capabilities | Jan 2022 | |
| DazzleSpy | A cyber-espionage implant deployed via Safari exploits | Jan 2022 | |
| CoinMiner | A cryptocurrency miner using open source components | Mar 2022 | |
| Gimmick | A multi-platform backdoor using cloud providers for command & control | Mar 2022 | |
| oRat | A backdoor used by an APT group, with the ability to construct a custom command & control server | Apr 2022 | |
| CrateDepression | A malware spread through “typosquatting” of a Rust crate; installs a persistent Poseidon agent | May 2022 | |
| Pymafka | A malware spread through “typosquatting” of a Python package; installs a compiled Cobalt Strike agent | May 2022 | |
| VPN Trojan (“COVID”) | A persistent backdoor downloading and executing second-stage payloads from memory | Jul 2022 | |
| | A malware using cloud providers for command & control; exfiltrates documents, keystrokes, and screenshots | Jul 2022 | |
| rShell | A backdoor delivered via supply-chain attacks; offers basic capabilities to the remote attacker | Aug 2022 | |
| | The Alchimist attack framework deploys cross-platform “Insekt” payloads, including macOS variants | Oct 2022 | |
| KeySteal | A keychain stealer embedded in a trojanized copy of ResignTool | Nov 2022 | |
| SentinelSneak | A malicious Python package targeting developers and exfiltrating sensitive data, spread through “typosquatting” | Dec 2022 | |
Vulnerabilities to Watch Out For
CVE-2022-43931: Critical Vulnerability in Synology
Synology is a Taiwanese network-attached storage device maker. It recently fixed a vulnerability affecting its routers when configured to run as VPN servers. CVE-2022-43931 is in VPN Plus Server, which lets administrators set up Synology routers as VPN servers to allow remote access to resources behind the router. It can be exploited in low-complexity attacks without privileges on the targeted router or user interaction, and leads to remote code execution.
Synology published a security advisory to patch this vulnerability.
CVE-2022-47523: Critical ManageEngine Bug
ManageEngine urges all of its customers to patch a critical security flaw affecting multiple products. CVE-2022-47523 is a SQL injection vulnerability in the Password Manager Pro secure vault, the PAM360 privileged access management software, and the Access Manager Plus privileged session management solution. Exploiting this vulnerability allows unauthenticated access to the backend database.
ManageEngine released a security advisory to patch this bug.
Multiple Command Injection Vulnerabilities in Fortinet Products
CVE-2022-39947 and CVE-2022-35845 are two critical vulnerabilities in the FortiADC web interface and in FortiTester, respectively.
CVE-2022-39947 can allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. Fortinet released patches along with an advisory.
CVE-2022-35845 could lead to arbitrary command execution in the underlying shell. However, an attacker needs to be authenticated to exploit this vulnerability. Fortinet has published a security advisory for it.
Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.