Cyware Daily Threat Intelligence, August 03, 2022

POC exploits definitely help but sometimes they become the reason behind your network’s compromise. Patching as soon as a critical fix is released is the only way out. VMware has warned against an authentication bypass bug whose technical write-up and POC exploit will soon be in the public domain. The threat concerns local domain users on VMware Workspace ONE Access, vRealize Automation, and Identity Manager. In other news, the open-source DevOps platform Jenkins warned of 27 plugin vulnerabilities, with 18 of them being zero-day flaws. None of those have been patched. Some high-severity issues were addressed, though.

Attacks through blockchain bridges are not just a trend-in-the-making anymore. Cyber adversaries infiltrated the networks of a blockchain-based security platform to pilfer nearly $200 million. This makes the incident the third-biggest crypto heist of 2022 thus far.

Top Breaches Reported in the Last 24 Hours


Ransomware attack on semiconductor manufacturer
German firm Semikron, a power engineering component manufacturer, has disclosed suffering a ransomware attack. Hackers are reportedly trying to extort the company by threatening to leak the stolen data. Early indicators point toward an LV ransomware infection. Attackers claim they are in possession of 2TB worth of documents.

Cryptocurrency service firm lost approx $190 million
Attackers made off with $190 million in funds from Nomad, a blockchain security group in San Francisco. The draining of funds began on Monday and continued till Tuesday before it came to notice. Experts revealed that the crime was carried out by numerous novice copy-and-paste actors.

Millions swindled from Solana
An attack aimed at the Solana blockchain platform may have burnt a hole worth $5.2 million in the firm’s pocket. Reports claim that cybercriminals targeted up to 7,936 wallets to harvest crypto assets including SOL, NFTs, and over 300 Solana-based tokens. Users are advised to transfer all assets to a trustworthy centralized exchange or hardware wallets to avoid any mishap to their assets.

Data breach at Spain’s scientific research body
Spain’s science ministry confirmed a July 16-17 ransomware attack on the Spanish National Research Council. The initial investigation found no sensitive or confidential information leakage. Authorities suspect the involvement of Russia-backed hackers. However, the attack wasn’t much of a success, going by the claim.

Top Malware Reported in the Last 24 Hours


Thousands of GitHub repositories cloned
Cybercriminals were found distributing malware-infected copies of thousands of software repositories on GitHub. Contrary to the claim of over 35,000 projects, there were 35,000+ search results showing files containing a malicious URL, which represents only the number of suspicious files. GitHub has kicked out most of the cloned repositories. The malware can be used to steal sensitive information, such as API keys, tokens, crypto keys, and AWS credentials.

Top Vulnerabilities Reported in the Last 24 Hours


Google Patch Tuesday update
Google has addressed 27 vulnerabilities to release Chrome 104 for Windows, Mac, and Linux. According to reports, none of these bugs have been exploited in the wild so far. The release has cost the tech giant approximately $90,000, given out to researchers reporting the flaws.

Updates for GeForce GPUs released
Nvidia has issued patches for over a dozen flaws in GeForce Security Update Drivers for Windows 7, Windows 8, and Windows 8.1. The flaws could be exploited to cause a DoS condition, information leak, escalation of privileges, or data tampering. Users are requested to check the bulletin and patch the flaws to protect their devices against potential attacks.

VMware fixes 10 vulnerabilities, one critical
Multiple VMware solutions were found to be vulnerable. One of the vulnerabilities, identified as CVE-2022-31656, is rated as high-severity as it can lead an attacker to the UI to hijack administrative access. The company advises clients to patch or mitigate the vulnerability immediately. It has also published a FAQ document as a reference for enterprise admins to ensure patches or protection.

Jenkins urges users to patch systems
Open source DevOps platform and automation server Jenkins has asked users to patch security vulnerabilities affecting over a dozen plugins. The bug list contains a total of 27 plugin vulnerabilities, with five of them labeled ‘high’ impact. The advisory shows that 18 flaws are yet to receive a fix and are effectively zero-days.

Posted on: August 03, 2022
