Go to listing page

Cyware Daily Threat Intelligence, August 23, 2022

Cyware Daily Threat Intelligence, August 23, 2022

Share Blog Post

In an exceptional story of patching a bug, Zoom had to issue a fix for its previous (flawed) security patch. The fix became paramount after a researcher found that attackers could trick the auto-update feature on Zoom video-conferencing software. In other news, trojans were seen working in the background on modern Android OS versions for Android smartphones that are pocket-friendly, counterfeit alternatives for famous brands, including Redmi, Samsung Galaxy Note 30, HUAWEI Mate 40, and more.

Another malware reported in the past 24 hours brags a rare combination of RAT, ransomware, and spyware capabilities. Dubbed Borat RAT, Cyble researchers have laid out a response strategy for organizations to tackle this threat.

Top Breaches Reported in the Last 24 Hours


Greece’s national natural gas hit
DESFA, a natural gas transmission system operator in Greece, fell victim to an attack by the Ragnar Locker ransomware group. Officials claim the attack possibly exposed a number of directories and files. They also added that the firm will not negotiate ransom payment with the attacker group. Furthermore, what caused the attack is still being investigated. 

Textile company suffered breach
Sferra Fine Linens, an Italian textile firm, disclosed a security event that leaked the sensitive personal information of employees. Reportedly, the incident was a ransomware attack but the name of the group is not public yet. The data compromised in the incident includes addresses, birth dates, passport information, driver’s license data, SSNs, financial account information, account credentials, medical and/or health insurance data, electronic signatures, and more.

U.S. healthcare provider under the scanner
Novant Health, the U.S., admitted to—inadvertently—blurting out the data of approximately 1.3 million individuals. The confidential data was mistakenly collected by the Meta Pixel ad tracking script added by Facebook advertisers. A configuration glitch at the facility led to the transmission of the patient information to Meta and its advertising partners.

Top Malware Reported in the Last 24 Hours


An all-in-one RAT?
Cyber experts have stumbled across a new Borat RAT that allows threat actors to spy on users, deploy ransomware, and launch DDoS attacks. A third-party user can gain complete control of a victim's system, giving access to network resources such as files and other sensitive data. Also, it can record from the computer if a microphone is connected.

Cheaper Android phones are real threat
Researchers at Dr. Web spotted backdoor trojans in the system partition of budget Android devices that are essentially fake versions of top brand names. It can help cybercriminals in arbitrary code execution in WhatsApp and WhatsApp Business messaging apps, causing chat interruptions and theft of confidential information in chats. Additionally, the trojan can be used to spur spam campaigns and scams.

Top Vulnerabilities Reported in the Last 24 Hours


RTLS Systems Vulnerable to AitM
Multiple bugs have been found affecting some Ultra-wideband (UWB) Real-time Locating Systems (RTLS) solutions, namely Sewio Indoor Tracking RTLS UWB Wi-Fi Kit and Avalue Renity Artemis Enterprise Kit. A cybercriminal can exploit the bugs to launch Adversary-in-the-Middle (AitM) attacks and tamper with location data. The exploitation can go to the extent of hampering production lines or adding a rogue device for unauthorized access.

Zoom bug for Mac
Hackers are targeting Zoom software users on macOS. This is dangerous because an unauthenticated individual could falsify Zoom's auto-update feature and revert the software to its previous vulnerable version. Moreover, hackers can deploy an entirely different program replacing the software, with root access to the Mac computer. Users need to update their Zoom app to version 5.11.5.

Over 80,000 Hikvision cameras vulnerable
Hikvision cameras were found susceptible to a critical command injection flaw, tracked as CVE-2021-3626. About 80,000 cameras were apparently exploitable via specially crafted messages sent to the vulnerable web server. Most of these cameras, as per research, are located in China and the U.S.

 Tags

whatsapp inc
borat rat
zoom for mac
hikvision cameras
aitm attacks
rtls systems
novant health
sferra fine linens
ddos attacks
ragnar locker ransomware
desfa

Posted on: August 23, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.