Go to listing page

Cyware Daily Threat Intelligence, August 12, 2022

Cyware Daily Threat Intelligence, August 12, 2022

Share Blog Post

Modifying source code and introducing custom configuration to a popular DMBS has invited new troubles. As per reports, a majority of cloud vendors are modifying codes for PostgreSQL, leaving customer databases at the risk of theft. In other news, U.S. officials warned against the Zeppelin ransomware infection as it continues to gain prominence in the cybercriminal underground marketplaces. It is actively targeting large organizations in Europe and the U.S.

The Zimbra email and collaboration platform has been in the headlines for various bugs for the past two weeks. A new report revealed that threat actors exploited a couple of bugs to target more than 1,000 servers. 

Top Breaches Reported in the Last 24 Hours


Michigan’s water service exposes customers
Ypsilanti Community Utility Authority, Michigan, was targeted by a ransomware group. Experts say the incident may have impacted the personal and banking data of about 2,000 Ypsilanti-area utility customers. Authorities are not aware of any misuse of customer data. Customers were advised to contact their financial institution to enquire about account safety steps.

Top Malware Reported in the Last 24 Hours


Zeppelin ransomware on the rise
Zeppelin actors continue to compromise victim networks through RDP, SonicWall firewall vulnerabilities, and phishing. The FBI and CISA have shared TTPs and IOCs regarding the threat to help organizations mitigate the threat and safeguard themselves. Zeppelin is a Ransomware-as-a-Service (RaaS) operation that has undergone several name changes in the past.

Top Vulnerabilities Reported in the Last 24 Hours


High-severity bug in Realtek devices
Tracked as CVE-2022-27255, cybersecurity experts have found a critical vulnerability in the eCos SDK by Realtek. could expose the networking devices of many vendors to remote attacks. The stack-based buffer overflow bug enables an attacker to cause a DoS condition or execute arbitrary code on compromised devices.

Cloud vendors exposing databases
Wiz Research uncovered multiple bugs in popular PostgreSQL-as-a-Service offerings by multiple cloud vendors. By exploiting the bugs, a hacker can gain root access and initiate complex attacks to steal databases of customers in Azure Database for PostgreSQL (Flexible Server). Note that the bug doesn’t reside in the PostgreSQL codebase, but rather in the code modified by cloud vendors as per their project needs.

Cisco risks RSA private key
Multiple patches were rolled out to address flaws in Cisco software. These could be abused by unauthenticated individuals to obtain sensitive information. One of the flaws flaw, identified as CVE-2022-20866, is a logic error that can be exploited to retrieve the RSA private key. It has also patched a client-side request smuggling flaw, CVE-2022-20713.

Authentication bypass in Zimbra Suite
Volexity has revealed a vulnerability in Zimbra that attackers have been abusing to deploy web shells on particular areas of compromised servers to gain persistence. Through CVE-2022-27925 and CVE-2022-37042, hackers already penetrated over 1,000 servers related to the email and collaboration platform.

 Tags

realtek sdk
rsa private key
cisco
cve 2022 20713
zeppelin
cve 2022 27255
postgresql as a service
zimbra collaboration suite
ypsilanti community utility authority

Posted on: August 12, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.