
Cyware Daily Threat Intelligence, July 15, 2022

The culprits behind one of the largest DDoS attacks on record have been identified as Mantis, named after the tiny mantis shrimp because of the size of the attack it pulled off with a relatively small botnet. Meanwhile, an abandoned WordPress plugin has nobody left to fix a critical flaw in it, and millions of websites were discovered being scanned for the flawed plugin.

Furthermore, nearly half a dozen firms, including Microsoft, VMware, and Ubuntu, issued patches against the Retbleed attack technique impacting chips from Intel and AMD. Patch yours now!

Top Breaches Reported in the Last 24 Hours

Data of transplant patients leaked
Medical records and personal data of about 4,500 transplant participants at Virginia Commonwealth University Medical Center were lying exposed for anyone to access. The privacy breach also included information about their donors. In some cases, exposed data involved records dating back to 2006.

British recruitment agency discloses a breach
Morgan Hunt, a U.K.-based recruitment agency, announced that it experienced a security incident that exposed the personal data of its clients via one of its server databases. Exposed data includes contractors' names, contact details and addresses, IDs, documents, National Insurance numbers, and more.

Top Malware Reported in Last 24 Hours

Small-to-midsize firms under attack by new ransomware
Microsoft researchers found a year-old ransomware campaign called Holy Ghost, aka DEV-0530, targeting small to mid-sized organizations such as banks, schools, manufacturing, and event and meeting planning firms. It is suspected that North Korean hackers—not necessarily associated with or backed by the North Korean government—could be behind the attacks.

Tiny botnet network launched massive DDoS attack
Cloudflare has unearthed an effective botnet operation by Mantis (named after Mantis shrimp) that affected nearly 1,000 of its customers. Experts found that Mantis compromised just over 5000 IoT devices, including MikroTik routers, and launched more than 3,000 HTTP DDoS attacks last month, including the biggest-ever HTTPS-based DDoS attack recorded to date.

Top Vulnerabilities Reported in the Last 24 Hours

Securing systems against Retbleed
Intel and AMD released software updates to address the Retbleed speculative execution attack disclosed earlier this week. Meanwhile, Citrix has released hotfixes for Hypervisor to address the issue. Other major vendors that have shipped fixes are VMware, Microsoft, the Xen Project, and Ubuntu. Red Hat Enterprise Linux 6 will not be fixed.
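Patched Linux kernels expose the Retbleed mitigation state through sysfs, which gives a quick way to verify that the fixes above actually took effect on a given host. The check below is an added example written for this briefing, not code from Cyware or any of the vendors named; it assumes the kernel's `/sys/devices/system/cpu/vulnerabilities/retbleed` entry, whose values start with `Not affected`, `Mitigation:` or `Vulnerable`, and treats a missing entry as a kernel that predates the fix.

```python
from pathlib import Path

# sysfs entry that kernels carrying the Retbleed fix expose; older kernels have no such file.
SYSFS_RETBLEED = Path("/sys/devices/system/cpu/vulnerabilities/retbleed")


def classify_retbleed(text):
    """Map the kernel's status line to a coarse verdict, keyed on its leading word(s)."""
    t = text.strip()
    if t.startswith("Not affected"):
        return "not_affected"
    if t.startswith("Mitigation:"):
        return "mitigated"
    if t.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def retbleed_status(path=SYSFS_RETBLEED):
    """Return (verdict, raw status line) for the running kernel.

    A missing sysfs entry means the kernel does not know about Retbleed at all,
    i.e. it predates the fix, so it is reported separately as 'no_report'.
    """
    path = Path(path)
    if not path.exists():
        return ("no_report", "")
    raw = path.read_text().strip()
    return (classify_retbleed(raw), raw)


def needs_action(verdict):
    """Anything other than a confirmed mitigation or 'not affected' still needs patching."""
    return verdict not in ("mitigated", "not_affected")


if __name__ == "__main__":
    verdict, raw = retbleed_status()
    print(f"retbleed: {verdict} ({raw or 'sysfs entry missing'})")
    raise SystemExit(1 if needs_action(verdict) else 0)
```

Run it on each host after applying the vendor updates; a non-zero exit flags machines that still need a kernel (or hypervisor) update, including those whose kernel is too old to report the status at all.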

PoC exploit for macOS sandbox escape flaw
Microsoft published exploit code for a macOS bug tracked as CVE-2022-26706. The bug could let an attacker bypass sandbox restrictions and execute arbitrary code on the targeted system. It was found while researchers were looking into ways to run and detect malicious macros in Office documents on macOS.

A trio of bugs patched in Lenovo
Lenovo fixed three bugs impacting more than 70 products, including ThinkBook systems. The flaws, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, can be abused for code execution in a way that can interrupt and hijack the operating system's execution flow while bypassing some important security features.

Flaw impacts over one million WordPress sites
Researchers at Defiant disclosed a widespread attack campaign scanning for a flaw across over 1.6 million WordPress sites. The flaw, tracked as CVE-2021-24284, resides in Kaswara Modern WPBakery Page Builder, a WordPress plugin. Its author has allegedly abandoned the product, so no patch is available.
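Because no patch exists, the practical defence is to confirm the plugin is not installed and to spot the scanning traffic in web server logs. The script below is an added example written for this briefing, not Defiant's or Cyware's code; it parses combined-format access log lines (the sample lines are constructed, with RFC 5737 documentation addresses) and assumes the plugin lives under `/wp-content/plugins/kaswara/`, which is an assumption and not stated in the briefing. The hosts it surfaces are sources probing the plugin directory; a 404 for every probed path suggests the plugin is absent, while any other status warrants checking the install.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format; the regex captures only the fields the check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed plugin directory on a WordPress install (not taken from the briefing).
PLUGIN_DIR = "/wp-content/plugins/kaswara/"

# Constructed sample log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2022:09:12:01 +0000] "GET /wp-content/plugins/kaswara/readme.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jul/2022:09:12:02 +0000] "GET /wp-content/plugins/kaswara/assets/js/kaswara.js HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Jul/2022:09:13:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Jul/2022:09:13:11 +0000] "GET /wp-content/plugins/kaswara/ HTTP/1.1" 403 153 "-" "python-requests/2.28"
192.0.2.9 - - [15/Jul/2022:09:14:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_plugin_probes(log_text, plugin_dir=PLUGIN_DIR):
    """Group requests that touch the plugin directory by source IP: {ip: [(path, status), ...]}."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith(plugin_dir):
            probes[rec["ip"]].append((rec["path"], int(rec["status"])))
    return dict(probes)


def plugin_possibly_present(probes):
    """True if any probe got something other than 404, meaning the path may exist on this site."""
    return any(status != 404 for hits in probes.values() for _, status in hits)


if __name__ == "__main__":
    found = find_plugin_probes(SAMPLE_LOG)
    for ip, hits in sorted(found.items()):
        print(f"{ip}: {len(hits)} probe(s), statuses {sorted({s for _, s in hits})}")
    print("plugin possibly present:", plugin_possibly_present(found))
```

Feed the real access log to `find_plugin_probes` instead of `SAMPLE_LOG`; the per-IP grouping also gives a ready-made list of sources to rate-limit or block at the web server or WAF.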


Posted on: July 15, 2022