Go to listing page

Cyware Daily Threat Intelligence, December 15, 2022

Cyware Daily Threat Intelligence, December 15, 2022

Share Blog Post

Cybercrimes surrounding digital money lending apps have witnessed a sudden spike of late. But the bigger threat is users' behavior of downloading apps via unofficial mediums. For instance, threat actors were observed extorting money in exchange for victims’ personal data they stole via a lending app unavailable on Google Play Store. In other news, Apple has confirmed an iPhone software update that patches its tenth zero-day of the year. The bug posed a serious arbitrary code execution threat to iPhone 8 and above models as the exploitation of the bug was underway.

On similar lines, patches for eight Chrome, three VMware, and two sensitive Veeam bugs were rolled out in the past 24 hours. Exploits for some of them are on the loose. Patch immediately.

For detailed Cyber Threat Intel, click ‘Read More.'

Top Breaches Reported in the Last 24 Hours


Cyberattack on Australian telecom
An attack on TPG Telecom Ltd, Australia’s number two internet service provider, affected the emails of up to 15,000 of its iiNet and Westnet customers. Primary investigation revealed that the attackers’ motto was to acquire customers’ cryptocurrency and financial information.

Top Malware Reported in the Last 24 Hours


Extortion via money-lending apps
New Android malware campaign dubbed MoneyMonger was discovered extorting people who were trapped by the hackers after they borrowed a sum through their money-lending apps. According to researchers at Zimperium, hackers use the Flutter framework to develop the malware apps that help them obfuscate malicious features and diminish the odds of detection of any malicious activity.

QBot malware in HTML attachments 
Phishing campaigns involving QBot malware as payload have started using a new technique. Hackers are using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows systems. This particular activity allows them to stay under the radar and bypass security tools that scan for malicious files at the perimeter.

A sea of malicious packages
Joint research by Checkmarx and Illustria exposed more than 144,000 malicious NuGet, NPM, and PyPi packages, laying out a scope for supply chain attacks. The campaigns that helped spread these packages generally promote fake apps, gift cards, prize-winning surveys, giveaways, and more. Experts disclosed that most of the packages were unlisted.

Top Vulnerabilities Reported in the Last 24 Hours


Apple’s tenth zero-day
Apple issued a fix for its tenth zero-day flaw for the year that was being abused in attacks against iPhones. The bug, tracked as CVE-2022-42856, is a type confusion flaw in Apple's Webkit web browser browsing engine. Google TAG reported this flaw that posed an arbitrary code execution threat on a vulnerable device. The company shared no details regarding any attack.

Critical Veeam bugs in CISA catalog
The CISA listed two vulnerabilities of Veeam in its Known Exploited Vulnerabilities Catalog that could be abused by remote hackers for arbitrary code execution. Identified as CVE-2022-26500 and CVE-2022-26501, the bugs affect Veeam’s Backup & Replication enterprise backup solution. Though the bugs are being exploited, CISA has not shared any information in that regard.

VMware addresses a bug trio
Three vulnerabilities namely CVE-2022-31705,  CVE-2022-31702, and CVE-2022-31703, were patched across several VMware products. An exploit for CVE-2022-31705, which is a heap out-of-bounds write issue in the USB 2.0 controller (EHCI), was also demonstrated at the GeekPwn 2022 hacking competition. This particular bug impacted VMware ESXi, Workstation, and Fusion.

Critical bug in Chrome
A new Google Chrome update resolved eight bugs in the browser. Five of these are use-after-free flaws that were reported by external researchers. Four bugs—CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, and CVE-2022-4439—impacted components such as Blink Media, Mojo IPC, Blink Frames, and Aura, and were rated high-severity. 

Flawed Amazon ECR Public Gallery
A Lightspin security analyst uncovered a new severe flaw in the Amazon Elastic Container Registry (ECR) Public Gallery. An unauthenticated user can use it to delete any container image or even inject harmful code into the images of other AWS accounts. An internal investigation report found no signs of bug exploitation in the wild.

 Tags

npm
nuget
vmware product
chrome bug
tpg telecom
pypi
html smuggling
qbot malware
moneymonger
amazon ecr public gallery
veeam
apple zero day vulnerability

Posted on: December 15, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.