Go to listing page

Cyware Daily Threat Intelligence, August 16, 2022

Cyware Daily Threat Intelligence, August 16, 2022

Share Blog Post

The Russian-Ukraine cyberwar has a new twist with the introduction of a new information sealer malware dubbed GammaLoad. The Russian cybercriminals, who are behind the attack, allegedly targeted Ukrainian people with phishing emails camouflaged as newsletters and combat orders. Besides, the pace at which malicious Python packages are getting detected hints toward an aggressive trend to attempt supply chain attacks. A dozen typosquatted Python packages were observed pulling off a DDoS attack on a Counter-Strike 1.6 server.

A bootloader is at the core of numerous computer systems built in the past decade. Unfortunately, a research group has discovered that these could be impacted by Secure Boot bypass vulnerabilities. If exploited, these could lead to deploying stealthy and persistent malware in targeted systems.

Top Breaches Reported in the Last 24 Hours


Argentinian judiciary system cyber-attacked
An attack on the Judiciary of Córdoba could be “the worst attack on public institutions in history,” say sources. The intrusion has knocked its IT systems online, digital services, and databases offline. It appears to be the work of the PLAY ransomware actors as the ".Play" extension has been appended to encrypted files by the attackers.

Twilio breach impacts Signal users
Messaging app Signal revealed that the breach incident at Twilio has let cybercriminals access the contacts and SMS verification codes for nearly 2,000 users. As a result of the intrusion, an attacker could re-register an account using the phone number. To address this, Signal will unregister their account for affected users on all devices, requiring users to re-register themselves on the platform.

Top Malware Reported in the Last 24 Hours


Russia used new malware against Ukraine
Russian state-sponsored actors were found striking Ukrainian entities with an information-stealing malware, GammaLoad.PS1_v2. The PowerShell stealer malware was being distributed via phishing emails disguised as bogus newsletters and combat orders. Researchers at Symantec attributed the attack campaign to a threat actor tracked as Shuckworm.

DDoS attack on Counter-Strike 1.6
Checkmarx uncovered 12 malicious PyPI packages typosquatting Python’s top packages, including idna, docutils, and flask, with over 500 million monthly downloads, collectively. The packages were deployed against a game server for CounterStrike 1.6. The malware used is written in C++ and is relatively stealthy as only 11 out of the 69 antivirus engines marked the file as malicious.

Top Vulnerabilities Reported in the Last 24 Hours


Zoom’s macOS had critical bugs
Zoom disclosed the details about the sensitive security gaps that were affecting both the standard and IT admin versions of the application. At DEF CON, macOS security researcher Patrick Wardle presented a scenario of how an unauthenticated user could exploit the bugs in Zoom’s update process to escalate privileges to root. The firm has fixed the auto-update process vulnerability (CVE-2022-28756) and the packet signature validation issue (CVE-2022-28751).

Secure Boot bypass flaw
Eclypsium, a firmware security company, claimed that millions of computers built using Bootloaders—in the past 10 years—are vulnerable to Secure Boot bypass attacks. Researchers have identified the bugs in the Eurosoft (CVE-2022-34301) CVE-2022-34303, CryptoPro Secure Disk for BitLocker (CVE-2022-34303), and New Horizon Datasys (CVE-2022-34302) bootloaders. These may allow a hacker to run arbitrary code before an operating system starts.

 Tags

counter strike 16
gammaload
secure boot vulnerabilities
zoom
twilio
play ransomware
signal messaging app
ddos attacks
judiciary of cordoba
pypi packages
def con

Posted on: August 16, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.