Cyware Daily Threat Intelligence, August 15, 2022

Mobile-enabled payments are a highly trusted space, but that trust was recently breached for Xiaomi users. A research group has uncovered vulnerabilities in the payment system of certain Xiaomi smartphones running MediaTek chips. A combination of vulnerabilities could be exploited to extract private keys and sign fake payment packages. Meanwhile, another group of experts reported the return of the SOVA Android banking Trojan, which can now compromise more than 200 banking apps and crypto exchange wallets. The new version also includes a ransomware module.

Adding to the cybersecurity woes are thousands of vulnerable VNC instances, some of which affect industrial control systems across nations. Moreover, several attempts to exploit them originated from the Netherlands, Russia, and the U.S.

Top Breaches Reported in the Last 24 Hours


Employee data dating back to 1970 exposed
Waterloo Region's District School Board revealed it fell victim to a cyberattack wherein a hacker accessed internal network drives that stored sensitive information about employees’ payroll and benefits administration. Several current and previous employees since 1970 were affected by the attack. The scope of impact on student data is yet to be determined.

Top Malware Reported in the Last 24 Hours


PyPI package mines for crypto
Sonatype found a new PyPI package containing a fileless cryptominer targeting Linux systems. Dubbed secretslib, it drops a Monero miner that is likely created via the 'memfd_create' system call, which lets developers create anonymous files in RAM without the need to write the files to disk. The package, described as "secrets matching and verification made easy," was downloaded about 100 times.
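
A binary started from a memfd_create file has no path on disk, but it is still visible in /proc: the process's exe link reads "/memfd:<name> (deleted)". The Python check below is an added example for defenders, not code from Sonatype or from the original post; the sample /proc tree, PIDs and process names in it are constructed.

```python
import os
import tempfile

def find_memfd_processes(proc_root="/proc"):
    """Return (pid, exe_target, comm) for processes executing from a memfd file."""
    hits = []
    pids = sorted(int(name) for name in os.listdir(proc_root) if name.isdigit())
    for pid in pids:
        pid_dir = os.path.join(proc_root, str(pid))
        try:
            target = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        # A memfd-backed binary has no on-disk path; the kernel reports
        # the link target as "/memfd:<name> (deleted)".
        if not target.startswith("/memfd:"):
            continue
        try:
            with open(os.path.join(pid_dir, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            comm = "?"
        hits.append((pid, target, comm))
    return hits

def build_sample_proc(root):
    """Constructed /proc-like tree: PIDs, names and targets are made up."""
    sample = {
        812: ("/usr/sbin/sshd", "sshd"),
        4711: ("/memfd:sample (deleted)", "sample"),
        5120: (None, "kthread-sample"),  # kernel threads have no readable exe
    }
    for pid, (exe, comm) in sample.items():
        pid_dir = os.path.join(root, str(pid))
        os.makedirs(pid_dir)
        if exe is not None:
            os.symlink(exe, os.path.join(pid_dir, "exe"))
        with open(os.path.join(pid_dir, "comm"), "w") as fh:
            fh.write(comm + "\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return find_memfd_processes(root)

if __name__ == "__main__":
    # Live scan (run as root to read every exe link); a hit is a lead, not a verdict.
    for pid, target, comm in find_memfd_processes():
        print(f"pid={pid} comm={comm} exe={target}")
```

Some legitimate software also executes from memfd-backed files, so each hit needs triage against the host's expected workload.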

New version of SOVA Android Trojan
SOVA version 5.0 has resurfaced and expanded its attack surface to target over 200 applications, including banking apps and crypto wallets. The new variant comes with the capability to encrypt devices with ransomware, although the feature is still at a primitive stage. Cleafy, an online fraud prevention firm, claimed that Spain has been the most aggressively targeted country, followed by the Philippines and the U.S.

Top Vulnerabilities Reported in the Last 24 Hours


Flawed payment systems in smartphones
According to Check Point researchers, security bugs in Xiaomi Redmi Note 9T and Redmi Note 11 smartphone models could be abused to hamper the payment processes. These models notably use MediaTek chips that provide the Trusted Execution Environment (TEE) for signing transactions. Researchers could even bypass Xiaomi and MediaTek security patches, which eventually opened up more possibilities for exploitation.

Unsecured VNC endpoints
Cyble security researchers have unearthed at least 9,000 unprotected VNC (virtual network computing) endpoint instances that attackers can abuse to infiltrate internal networks. Some of these exposed VNC instances were also traced to industrial control systems, which are critical to industry operations. Most of the exposures were found in China and Sweden. Moreover, the exposure could prove very risky if any water treatment facility is among the affected systems.

Posted on: August 15, 2022