Go to listing page

Cyware Daily Threat Intelligence, August 24, 2022

Cyware Daily Threat Intelligence, August 24, 2022

Share Blog Post

Serious security holes in systems are becoming increasingly common. For instance, GitLab and VMware have issued patches for high-severity bugs, one each. The flaw in the DevOps platform gives room to a hacker for remote code execution via GitHub import API. Meanwhile, a privilege escalation bug was found haunting VMware Tools that affects both Windows and Linux systems. The local privilege escalation vulnerability has no other workaround than applying the fix issued by the firm.

That’s not all. Powerful malware stealers, including Redline and ??RecordBreaker, are being served via software cracks. Hackers succeed in such campaigns using SEO poisoning and malvertising tactics that help push malicious sites high in Google Search results.

Top Breaches Reported in the Last 24 Hours


French hospital faces $10 million attack
Hackers disrupted emergency services and surgeries at a French hospital, the Center Hospitalier Sud Francilien (CHSF) in a cyberattack. According to reports, threat actors have demanded $10 million in ransom to share the decryption key for data restoration. Sources suggest that the attack may have been pulled off by an affiliate of LockBit 3.0 RaaS.

Airline technology provider suffers ransomware attack
Accelya, a technology provider for many of the world’s largest airlines, appears to have been breached by the BlackCat ransomware group. The cybercriminal gang has claimed to have harvested emails, worker contracts, and more during the attack. Preliminary investigation has revealed that the attackers couldn’t move laterally and that the customers’ environments were safe.

Top Malware Reported in the Last 24 Hours


Malware campaigns via pirated programs
Zscaler, a cloud security firm, uncovered a barrage of campaigns aimed at internet users who often attempt to download pirated software programs. In the attachment comes the RedLine or RecordBreaker stealer payload. Some of these malicious software include Wondershare Dr. Fone, Adobe Acrobat Pro, 3DMark, and 7-Data Recovery Suite.

Top Vulnerabilities Reported in the Last 24 Hours


GitLab patches vulnerability (CVSS 9.9)
An authenticated RCE bug tracked as CVE-2022-2884 in GitLab can be triggered via the “Import from GitHub API” endpoint, disclosed researchers. The bug impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1. No evidence of in-the-wild attacks reported so far.

Privilege escalation flaw in VMware
VMware fixed a critical security flaw in the VMware Tools suite of utilities that impacts both Windows and Linux platforms. The flaw, identified as CVE-2022-31676, is a local privilege escalation vulnerability. It could be exploited by an actor to escalate privileges as a root user in the virtual machine.

Bug in IBM MQ
IBM released patches for critical vulnerabilities in its messaging and queuing middleware, IBM MQ. This could let a hacker bypass security restrictions while opening a gateway to sensitive information. The two remotely exploitable bugs in question, CVE-2022-27780 and CVE-2022-30115, resided within the libcurl library.

 Tags

vmware tools
center hospitalier sud francilien
pirated software
redlinestealer
accelya
rce bugs
gitlab
lockbit 30
ibm mq
recordbreaker

Posted on: August 24, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.