Daily Threat Intelligence – June 13 – 2023
A widespread brand impersonation campaign targeting over 100 popular brands has been found to be underway since January 2022. Scammers set up at least 3,000 domains propagated via SEO poisoning tactics. The ultimate goal of the campaign is to harvest account credentials and financial information from users.
Elsewhere, there have been reports of widespread exploitation of recently patched MOVEit Transfer and Fortinet FortiOS zero-day flaws. While the SQL injection flaw in the MOVEit Transfer file transfer software enabled attackers to launch attacks against over 100 organizations, Fortinet said the heap-based buffer overflow vulnerability affecting FortiOS and FortiProxy SSL-VPN was used in a limited number of attacks.
Top Breaches Reported in the Last 24 Hours
Around 9 million Zacks users’ data affected
A misconfigured database containing the personal information of more than 8.8 million Zacks Investment Research users has been dumped on a hacking forum. The compromised information includes names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes. The oldest entry in the database dates back to May 2020.
St. Margaret’s Health closes operations
St. Margaret’s Health, Illinois, will shut down its hospitals and other facilities in Peru and Spring Valley following a ransomware attack that occurred in 2021. The incident impacted all web-based operations, including the patient portal, and systems remained down for more than three months.
Intellihartx discloses a breach
Intellihartx, a patient balance resolution service provider to hospitals, informed roughly 490,000 patients that their personal information was compromised in the GoAnywhere zero-day attack earlier this year. The compromised information includes names, addresses, insurance data, medical billing, diagnosis and medication information, birth dates, and Social Security numbers.
Top Malware Reported in the Last 24 Hours
New DoubleFinger loader spotted
Researchers uncovered a new malware loader, dubbed DoubleFinger, that deploys the GreetingGhoul cryptocurrency stealer on victims’ machines. The multi-stage campaign appears to be primarily targeting entities in Europe, the U.S., and Latin America. In some cases, the DoubleFinger loader was also found deploying the Remcos RAT; the loader relies on multiple evasion tactics, including steganography.
BatCloak obfuscation tool
Researchers are warning of a new obfuscation tool, dubbed BatCloak, that is becoming increasingly popular with adversaries. The tool makes malicious BAT files difficult to detect: samples obfuscated with it slipped past antivirus detection engines at a staggering 80% rate.
Top Vulnerabilities Reported in the Last 24 Hours
New victims of MOVEit zero-day exploitation
The U.K.’s communications regulator Ofcom disclosed a data breach after Cl0p ransomware exploited the zero-day flaw (CVE-2023-34362) in the MOVEit file transfer software and accessed the regulator’s infrastructure. Other recently confirmed victims of the MOVEit zero-day exploitation include the Illinois Department of Innovation & Technology (DoIT) and the Minnesota Department of Education (MDE). Meanwhile, researchers have released PoC exploit code for the flaw, which is likely to lead to more attacks.
More attack vectors against MOVEit Transfer
Researchers at Huntress discovered further attack vectors against MOVEit Transfer, for which Progress Software issued fresh patches. The newly identified vulnerabilities have been designated CVE-2023-35036. They are characterized as SQL injection flaws that could allow unauthenticated attackers to access MOVEit databases.
FortiOS zero-day flaw exploited
Fortinet warned that the recently patched zero-day flaw, tracked as CVE-2023-27997, was exploited in a limited number of attacks. The heap-based buffer overflow vulnerability is one of six vulnerabilities in the FortiOS and FortiProxy SSL-VPN modules and can allow a remote attacker to execute arbitrary commands via specially crafted requests.
Top Scams Reported in the Last 24 Hours
Massive impersonation scam discovered
A widespread brand impersonation scam campaign has been discovered targeting over 100 popular clothing, footwear, and apparel brands. The campaign has been active since 2022 and peaked between November 2022 and February 2023. Scammers have set up more than 3,000 domains impersonating major brands such as Nike, Puma, Clarks, Crocs, Caterpillar, Fila, and Vans. SEO poisoning tactics are used to lure unsuspecting users to the fake sites.
Over $3 million in assets stolen
A large number of Discord and Twitter accounts, including those of Evomos, Pika Protocol, OpenAI’s CTO, and Orbiter Finance, were hacked to steal over $3 million in assets from almost 1,932 victims. The incident has been attributed to a group called Pink Drainer, which pulled off the thefts by impersonating journalists from well-known media outlets such as Decrypt and Cointelegraph.