Go to listing page

Cyware Daily Threat Intelligence, June 02, 2022

Cyware Daily Threat Intelligence, June 02, 2022

Share Blog Post

Smartphone users were exposed to remote hacking as researchers laid bare vulnerability within the UNISOC chip. This bug could be used to deny modem services and even block communications. In a strange incident, a security team discovered ransom notes within hundreds of unsecured Elasticsearch databases.

Separately, a cybercriminal group is targeting premium clients located globally via SMSes and calls in a malware campaign involving TrojanSMS. Currently, there are different versions of the malware. Researchers say the malware may spread further as it also fetches data from victims' contact lists.

Top Breaches Reported in the Last 24 Hours


Ransom notes pasted to misconfigured databases
Secureworks unearthed a unique attack campaign aimed at more than 1,200 misconfigured vulnerable Elasticsearch databases. Hackers have reportedly replaced victims’ indexes with ransom notes, asking for a ransom of up to $280,000 in total. Researchers could identify four email addresses and two different Bitcoin wallets associated with the attack campaign.

Top Malware Reported in the Last 24 Hours


Malware campaign claims victims worldwide
SMSFactory is a new malware campaign dropping TrojanSMS malware and harvesting money from devices by sending premium texts and calling premium-rate phone numbers. It propagates through malvertising, push notifications, and alerts displayed on game sites or free video streaming sites. Infected devices were found to be located across the U.S., Brazil, France, Russia, Turkey, and Ukraine, among others.

Top Vulnerabilities Reported in the Last 24 Hours


New Windows zero-day 
A new Windows Search zero-day has surfaced. An unauthorized user can leverage it to automatically open a search window containing remotely-hosted malware executables. The adversary can modify Office documents to bypass Protected View and launch URI protocol handlers, without interacting with the users.

High severity flaw in Smartphone chip
Check Point Research reported a critical security bug in UNISOC’s smartphone chip with a CVSS score of 9.4 out of 10. The flaw affects 4G and 5G UNISOC chipsets. The impacted UNISOC modem is used for cellular communication majorly in Africa and Asia. As per media reports, Google will publish the patch in the upcoming Android Security Bulletin.

MS Office apps vulnerable to homograph attacks 
Bitdefender discovered that MS Office apps, such as Outlook and Teams, are vulnerable to homograph attacks based on Internationalized Domain Names (IDNs). Hackers can spoof IDN homograph domains to fool users. Homograph attacks alone aren’t mainstream but are a dangerous and effective tool if used by APTs in targeted campaigns.

Top Scams Reported in the Last 24 Hours


Phishers lay bait on Telegraph
Email security platform INKY noted that phishing actors are exploiting Telegram's anonymous blogging platform, Telegraph, to steal users’ account credentials. Telegraph, as a free minimalist publishing tool, lets anyone publish anything without creating an account or providing any identification details. Hence, pages can be customized with embedded malicious images and links to harvest sensitive data.

 Tags

elasticsearch database
cve 2022 30190
ransom notes
zero day bug
unisoc
trojansms
smsfactory

Posted on: June 02, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.