Cyware Daily Threat Intelligence, August 19, 2022

Cisco's Secure Web Appliance plays a crucial role in blocking risky sites while providing application visibility and control. A critical bug recently disclosed in Cisco systems could let attackers execute arbitrary commands on the underlying OS and elevate privileges to root. In other threats, Grandoreiro, an infamous banking trojan, was observed being dropped on victims in Mexico and Spain. Attackers impersonate top government officials as bait to lure victims into downloading the threat.

That's not all. A warning was issued to federal agencies in the U.S. to patch a SAP vulnerability within a set deadline. All in all, the CISA added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Top Breaches Reported in the Last 24 Hours

5.7 billion Chinese records exposed
The Cybernews research team spotted an open ElasticSearch instance containing 626GB of VPN connection logs, amounting to 5.7 billion records. The exposure was caused by the Android app for Airplane Accelerates, a free VPN service. An analysis of the app disclosed that it can also function as spyware and has RCE capabilities.

Estonia bombarded with DDoS
A massive DDoS attack was launched against Estonian public and private institutions. Pro-Russia actor Killnet claimed responsibility, saying the attack impacted over 200 financial services. The hacker group said it acted in the wake of the removal of the replica World War II Soviet Tu-34 tank from public display. However, Estonian officials claimed they could resist the attack.

Top Malware Reported in the Last 24 Hours

Banking trojan invades Spanish-speaking nations
A banking trojan, Grandoreiro, has been spear-phishing organizations in Mexico and Spain across industry verticals, such as automotive, chemicals, and manufacturing. Adversaries reportedly impersonate government officials from the Attorney General’s Office of Mexico City and the Public Ministry in emails to lure victims.

Top Vulnerabilities Reported in the Last 24 Hours

CISA warns regarding SAP bug
The CISA has listed another critical flaw in its Known Exploited Vulnerabilities Catalog that concerns SAP. Identified as CVE-2022-22536, the remotely exploitable bug could be abused to fully compromise any SAP installation across the globe. So far, there is no public information describing the attacks exploiting the flaw. Feds were ordered to address the vulnerability by September 8.

Cisco patches high-severity flaw
Cisco disclosed an escalation of privilege vulnerability in AsyncOS for Cisco Secure Web Appliance. The vulnerability, tracked as CVE-2022-20871, exists because user-supplied input for the web interface is not sufficiently validated. Exploiting it would let an unauthenticated user run arbitrary commands and even elevate privileges to gain root access.


Posted on: August 19, 2022
