Daily Threat Intelligence – May 31 – 2023
Given its wide user base, WordPress is a hotbed of attacks. Security experts have addressed a pair of bugs in two different WordPress plugins: Jetpack and Gravity Forms. The first issue was found to affect 5 million sites, whereas the other concerned more than 930,000 websites worldwide. Meanwhile, a nasty Android malware has taken the Google Play Store for a ride. How? Security researchers disclosed a massive cyberattack operation that propagated SpinOk malware on over 400 million devices. The malware could steal Android users’ private data and even crypto funds.
In a recent update, Apple has taken measures to resolve a security vulnerability that allowed attackers with root privileges to bypass System Integrity Protection (SIP) and deploy malicious programs.
Top Breaches Reported in the Last 24 Hours
Real estate firm blabbers sensitive data
Neho, a Swiss-based real estate agency, exposed sensitive user credentials to the public, potentially enabling threat actors to compromise the company’s network. The security mishap occurred due to a configuration issue on its website. There was a publicly accessible file that contained credentials for PostgreSQL and Redis databases, encompassing details such as the port, host, username, and password information.
Top Malware Reported in the Last 24 Hours
Hundreds of apps infect millions of devices
Security experts at Dr. Web tracked down SpinOk Android malware being distributed as an advertisement SDK in over 100 apps. The malware-infested apps, with a cumulative download count exceeding 400 million, pose a significant threat. The malware features clipboard modification functionality to pilfer account passwords and credit card data, and to hijack cryptocurrency payments.
Two malware tools used in five attacks
The Dark Pink threat group was spotted utilizing a pair of customized malware tools known as TelePowerBot and KamiKakaBot for extracting sensitive data from compromised hosts. The group has been associated with five new attacks directed toward entities in Belgium, Indonesia, Brunei, Thailand, and Vietnam, between February 2022 and April 2023.
BlackSuit and Royal groups are ‘close’
Trend Micro examined and uncovered “an extremely high degree of similarity” between the recently surfaced BlackSuit group and the Royal ransomware group. They share approximately 98% similarity in functions, 99.5% similarity in code blocks, and 98.9% similarity in jump instructions, as measured with BinDiff, a comparison tool for binary files. Experts also found eerie similarities between Royal Win32 and BlackSuit Win32 variants.
Top Vulnerabilities Reported in the Last 24 Hours
Jetpack plugin patched for a flaw
Automattic, the firm behind the open-source WordPress CMS, force-updated millions of sites to fix a security bug found in the Jetpack WordPress plugin. The plugin has over 5 million active installations. An attacker could exploit this bug to manipulate any files within the WordPress installation. Officials said they had no evidence of active exploitation of the bug.
100k websites at risk
Another WordPress plugin, Gravity Forms, has been found vulnerable to CVE-2023-28782, an unauthenticated PHP Object Injection flaw. Patchstack, the firm that discovered the bug, noted that in some special cases, a hacker could abuse the flaw to access and modify files, execute arbitrary code, and perform other malicious activities. The plugin is used on over 930,000 websites.
SIP root restriction bug
Microsoft security researchers reported a vulnerability tracked as CVE-2023-32369 to Apple that could allow cybercriminals access to a victim’s private data. Attackers with root permissions could exploit the vulnerability in macOS by leveraging the Migration Assistant utility, which possesses SIP-bypassing capabilities. Bypassing SIP enables threat actors to circumvent Transparency, Consent, and Control (TCC) security checks.