
Cyware Daily Threat Intelligence, August 05, 2022


Emergency systems are at the core of public safety. Hackers could hijack the Emergency Alert System encoder/decoder devices in the U.S. due to security weaknesses. The national public warning system has a serious security flaw, and a proof of concept is expected to be disclosed at the upcoming DEFCON 2022 conference in Las Vegas. With two high-severity bugs found, Cisco Small Business VPN routers are at risk of being seized by an unauthenticated attacker. The bugs are in the web-based management interface and the web filter database update feature.

Meanwhile, the German Chambers of Commerce appears to have fallen victim to a ransomware attack. Authorities, who referred to the attack as “massive,” are not sure how long the essential services will remain shut down.

Top Breaches Reported in the Last 24 Hours


‘Massive’ attack on a German chamber 
A major cyberattack targeted the Association of German Chambers of Industry and Commerce (DIHK), throwing its IT systems, including telephones, email servers, and digital services, offline. The nature of the attack points toward a ransomware threat actor. The news of the breach was announced via a LinkedIn post. More information is awaited on the type of compromised data.

Indiana neurology facility disclosed ransomware infection
Neuro Practice, Indiana, exposed the sensitive information of nearly 363,000 individuals in a ransomware attack allegedly by the Hive group. A plethora of patient data, such as names, SSNs, email addresses, medical record numbers, patient account numbers, diagnosis and treatment information, and insurance information, has made it to the dark web.

Top Malware Reported in the Last 24 Hours


Iranian threat actors targeted Albania?
Researchers at Mandiant stumbled across ROADSWEEP, a ransomware family, and a Telegram persona, both of which were involved in attack campaigns against the Albanian government. Experts suspect that a previously unknown backdoor CHIMNEYSWEEP and a new ZEROCLEAR (wiper) variant could also be a part of this campaign.

Top Vulnerabilities Reported in the Last 24 Hours


Sensitive flaws discovered in Cisco routers
Researchers have unearthed three security flaws in Cisco’s RV160, RV260, RV340, and RV345 series VPN routers. These flaws can be remotely exploited by an attacker to trigger arbitrary code execution and a DoS condition. Two of the vulnerabilities, identified as CVE-2022-20842 and CVE-2022-20827, have received a ‘critical’ severity rating. While the former affects the routers’ web-based management interface, the latter concerns their web filter database update feature.

Site isolation bypass hits Chromium
Security researcher Alesandro Ortiz reported a bug in the Chromium project that allows attackers to bypass site isolation protection through popup windows and iframes. When successfully exploited, the bug can lead to the leak of sensitive data, reading and modifying cookies, and access to microphone and camera feeds. The vulnerability was caused by a code change made to the browsers’ previous version.

Critical flaws in Emergency Alert System
The DHS is warning of critical vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Officials avoided revealing details about the bug to prevent its active exploitation by cyber adversaries. The threat can let a cybercriminal seize the nation’s emergency broadcast network and issue bogus announcements through radio and TV stations.


Posted on: August 05, 2022

