Cyware Daily Threat Intelligence, July 05, 2022

While the 4th of July celebrations were under way, Google issued a critical security fix for a heap buffer overflow zero-day in WebRTC. Researchers claim that an unauthorized individual could remotely execute arbitrary code and bypass the protection mechanism, leading to DoS and other threats. Meanwhile, a six-month-long malicious campaign has come to light that has been stealing personal data through dozens of obfuscated JavaScript packages.

Furthermore, a sensitive breach in the police network of Shanghai has apparently caused chaos after samples tested against the claim that billions of records were stolen were found to be genuine. The data trove is allegedly available to anyone who can shell out 10 BTC.


Top Breaches Reported in the Last 24 Hours


Nearly one billion exposed in China
A threat actor was found offering billions of records, including sensitive details, on Chinese citizens for 10 BTC. The data, advertised through online forums and social media platforms, was stolen from the servers of the Shanghai National Police. The database also has information such as the location of the crimes and a brief description of the related incidents.

Third-party breach hits healthcare clinic
Mattax Neu Prater Eye Center, Missouri, suffered a data breach through myCare Integrity, an electronic medical records platform. It was observed that hackers deleted databases and system configuration files after infiltrating the systems. According to HIPAA, over 90,000 people were impacted by the incident.

Top Malware Reported in the Last 24 Hours


AstraLocker shuts down
The AstraLocker ransomware actor has announced that it is quitting its operation and has shared decryptors with the VirusTotal malware analysis platform. The ransomware was based on the source code of Babuk Locker, which had suffered a major leak last year. Last week, AstraLocker released a new variant that would spread via phishing emails.

Dozens of malicious JS packages
Security researchers at ReversingLabs laid bare a widespread software supply chain attack offered via the NPM package manager. The campaign has been active since December 2021 and has been designed to pilfer data entered in forms by online users via mobile applications and websites. The campaign is being tracked as IconBurst.

Top Vulnerabilities Reported in the Last 24 Hours


Google’s urgent update
A new version of Chrome 103 was released with fixes for several security vulnerabilities, including an actively exploited zero-day bug. The flaw, tracked as CVE-2022-2294, is a heap buffer overflow condition in WebRTC, the engine that powers the browser’s real-time communications. The zero-day bug affected both Windows and Android versions of the browser.

Top Scams Reported in the Last 24 Hours


Fake employment drive in the UK
Malwarebytes uncovered a scam campaign that lays bait for individuals interested in working in the United Kingdom. The gang sends out recruitment drive messages via WhatsApp, impersonating staff from the UK government. Visitors may lose their personal data, including their names, email addresses, marital status, contact details, and employment status.

Posted on: July 05, 2022

