Cyware Daily Threat Intelligence, August 30, 2022

Many top cybercriminal groups work in concert to carry out successful attacks. Security experts recently uncovered three such campaigns in which multiple malware strains, including ModernLoader and RedLine Stealer, were used to cause damage to users and organizations. Meanwhile, things got worse for millions of indebted students in the U.S. after their personal and loan data was exposed in a cyberattack. This may lead to sophisticated hackers using their personal details to craft phishing messages and harm them further.

Researchers have described scenarios that hackers could exploit to steal the Okta credentials of legitimate users. The trick involves requesting to change the details of existing users’ accounts by accessing admin credentials.

Top Breaches Reported in the Last 24 Hours


Russian streaming platform compromised
START, a Russian streaming service, fell victim to a ransomware attack affecting the personal information of its 44 million customers. According to a Telegram channel, hackers have posted screenshots as proof of the stolen 72GB database. While a majority of the victims are in Russia, the incident also includes millions of victims from Kazakhstan, China, and Ukraine.

Loan data of 2.5 million individuals leaked
A breach event at Oklahoma Student Loan Authority (OSLA) and EdFinancial exposed loan data for nearly 2.5 million individuals. The incident, however, occurred at their technology services provider, Nelnet Servicing, which gives students access to their loan accounts. Officials stated that no financial account numbers or any form of payment information were exposed.

World’s top book distributor under attack
A ransomware attack crippled one of the largest distributors, Baker & Taylor, causing disruptions to its business-critical systems. The attack reportedly impacted its phone systems, service centers, and other systems. The distributor didn’t disclose the name of the ransomware family involved in the incident or confirm the data stolen.

Top Malware Reported in the Last 24 Hours


Malware served in Amazon gift cards
Cisco Talos has reported on cybercriminals dropping ModernLoader RAT and RedLine Stealer in three different campaigns. In one of the campaigns earlier this year, the XMRig cryptomining malware was also observed being delivered. Attackers compromise vulnerable web apps to host their malware, which is delivered via files masquerading as Amazon gift cards.

Top Vulnerabilities Reported in the Last 24 Hours


Impersonation threat hovers over Okta
Researchers from cloud identity firm Permiso claimed that the legitimate process of changing credential details within Okta can be abused by an unauthenticated user to impersonate a verified user. As a prerequisite, the attack requires either an Okta super administrator’s or an application administrator’s credentials, which can be phished or bought through dark web leaks. If not, a hacker with the ability to bypass MFA can also steal user credentials.

Posted on: August 30, 2022