Go to listing page

Cyware Daily Threat Intelligence, July 20, 2022

Cyware Daily Threat Intelligence, July 20, 2022

Share Blog Post

Millions of vehicles, with some owners working in critical sectors, were found on the verge of being hijacked by a potential hacker. The CISA has also warned against vulnerabilities in MiCODUS GPS tracker devices and urged vehicle owners to take defensive measures. A security mishap in a mental health app—and a social mood tracker—has been exposing the sensitive data of users, owing to malpractice.

Enjoy ordering food online? Magecart attacks on three online food ordering platforms stole 50,000 payment card records from 300 U.S. restaurants. The campaign, which began no later than November 12, 2021, still impacts some of the restaurants.

Top Breaches Reported in the Last 24 Hours


Ransomware cripples construction group 
Building materials producer Knauf Group’s global operations have been paralyzed in the wake of a cyberattack. Its IT servers were brought offline to contain the attack and stop it from spreading further. Though not officially declared, the Black Basta ransomware group has claimed responsibility for the attack by listing the firm on its extortion site.

Belgium annoyed with Chinese state-sponsored attacks
Belgian officials have accused Chinese state-sponsored actors of a series of cyberattacks against its interior and defense ministries. The noted Chinese groups in the report are tracked as APT27, APT30, APT31, and Gallium. The country, which is home to NATO headquarters and the EU Commission, has urged China to stand by “the norms of responsible state behavior as endorsed by all UN member states.”

Russain hackers snoop on western entities
Cozy Bear or APT29, was seen abusing legitimate cloud services, such as Google Drive and DropBox, to target a number of Western diplomatic missions, including foreign embassies of Portugal and Brazil. The group’s phishing technique includes a malicious HTML file, called EnvyScout, which acts as a dropper for Cobalt Strike and additional payloads.

Mental health app blurted out user data
Japan-based journaling and social mood tracking app Feelyou inadvertently exposed the email addresses of close to 80,000 of its users in 177 countries. A researcher reported a vulnerability on the platform while reverse engineering several other mental health trackers and similar apps. No evidence of any attack was spotted.

Top Malware Reported in Last 24 Hours


New ransomware family in Rust
A dark web ransomware forum ad has listed a new ransomware family, dubbed Luna, that can encrypt multiple platforms, including Windows, Linux, and ESXi systems. The preliminary findings suggest that it is meant only for Russian-speaking threat actors. Being written in Rust, it easily evades automated static code analysis attempts. The ransom note had spelling mistakes too.

300 restaurants leaked payment card data
Card skimmers harvested payment data of customers interacting with three online ordering platforms, namely InTouchPOS, MenuDrive, and Harbortouch. The cascading effects of the attack have encompassed over 300 restaurants, and at least 50,000 compromised payment card records have already been listed on the dark web.

Top Vulnerabilities Reported in the Last 24 Hours


Flawed GPS tracker affects millions
Six security gaps in a GPS tracker device, MiCODUS MV720, pose a variety of threats to nearly 1.5 million vehicles across 169 countries. The impacted device concerns individuals at Fortune 50 firms, governments in Europe, U.S. states, a South American military agency, a nuclear plant operator, and others. An abuser can not only track the vulnerable vehicle but also extract route information, and even manipulate some data.

 Tags

chinese state sponsored hacker group
magecart attacks
apt31
google drive
feelyou
gallium group
payment card frauds
ministry of interior belgium
apt30
dropbox
blackbasta ransomware
knauf group
ministry of defense belgium
apt27
envyscout
apt29
luna ransomware
gps tracker
micodus mv720

Posted on: July 20, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.