Cyware Daily Threat Intelligence, August 08, 2022

Kaspersky took the wraps off a new Chinese cyberespionage operation while investigating a malware campaign. The campaign is spread across East European countries and drops the dangerous PortDoor backdoor. In parallel, the CISA's catalog has a new entrant as adversaries continue to exploit the critical Zimbra bug, tracked as CVE-2022-27824. If exploited, it can give them access to a vulnerable email server, which may eventually lead to spear-phishing, social engineering, and BEC scams.

Roughly two dozen bugs discovered in F5 products are now patched. About a dozen bugs, particularly the DoS flaws, could be exploited remotely and require no user authentication. So far, none of the vulnerabilities appear to be abused in the wild.

Top Breaches Reported in the Last 24 Hours


Smishing leaks Twilio’s customer data
Customer engagement platform Twilio disclosed that it fell victim to an SMS phishing, or smishing, campaign that targeted its employees for their login credentials. Hackers used the credentials to access customer data that may include sensitive information. The firm has refrained from commenting on the geographical impact of the breach.

Over 100 dental practices shut down
Dental clinics were impacted by a cyberattack on Colosseum Dental Benelux, a dentistry service spread across the Netherlands and Belgium. The staff could not access patients' history. Early signs suggest that it was a ransomware attack. Officials did not disclose the kind of data that hackers may have compromised.

Unknown hacker dumps data
A threat actor is offering about 4TB of proprietary data belonging to Israeli smartphone hacking (or cracking) firm, Cellebrite. The breach involves the company’s flagship product, Cellebrite Mobilogy, and the Cellebrite Team Foundation server. According to the report, the leaked data is only being offered to researchers and journalists.

Top Malware Reported in the Last 24 Hours


Chinese cyberspies deploy PortDoor
Kaspersky linked an attack campaign deploying the new PortDoor malware, backdooring the defense industry in Eastern Europe, to Chinese APT TA428. The cyberespionage operation has been targeting design bureaus, research institutes, industrial plants, government agencies, and ministries across Belarus, Russia, Ukraine, and Afghanistan.

Top Vulnerabilities Reported in the Last 24 Hours


CISA catalog gets a fresh entry
The CISA has listed the Zimbra bug in its Known Exploited Vulnerabilities Catalog. Identified as CVE-2022-27824, the bug allows a third party to extract email account credentials (in cleartext) from Zimbra Collaboration instances without the need for any user interaction. The technique is known as Memcache poisoning via CRLF injection. It reroutes all IMAP traffic to the attackers' server when a legitimate user attempts to log in.

F5 addresses 21 vulnerabilities
Security and application delivery solutions provider F5 has fixed 21 flaws affecting BIG-IP and other products in its quarterly security notification for August 2022. It contains nearly a dozen high-severity vulnerabilities that could be exploited to execute arbitrary code, cause a DoS condition, escalate privileges, and more. The other eight flaws are medium-severity and the last one is a low-severity flaw.


Posted on: August 08, 2022

