Cyware Daily Threat Intelligence, June 09, 2022

Owl Labs announced a new firmware version for its existing devices that addresses a high-severity bug in its own products. The bug lets an attacker route network traffic through the device in Wi-Fi AP tethering mode, turning targeted devices into rogue wireless access points. Meanwhile, Follina continues to be a weak point for Microsoft users as new malware families join the bandwagon to abuse the flaw.

In the last 24 hours, the threat landscape also witnessed an ongoing major phishing scam aimed at billions of Facebook users. Active since September 2021, it has helped adversaries mint millions of USD.


Top Breaches Reported in the Last 24 Hours


Hundreds of millions stolen
The blockchain network at Maiar Exchange was breached to swindle 1.65 million EGLD tokens (equivalent to an estimated $113 million) from three different wallets. The network was brought offline for a brief period in the aftermath of the attack. According to sources, most of the stolen funds have either been recovered or will be covered by the Elrond Foundation.

Zero-click hack against Ukraine officers?
Ukraine's State Special Communications Service confirmed that cybercriminals have started hijacking the phones of the country's public servants. Attackers are reportedly spreading malware in what appears to be a zero-click attack. A spokesperson said that, so far, no mobile devices have been compromised.

Top Malware Reported in the Last 24 Hours


New Emotet variant cripples Chrome
Proofpoint has spotted a new series of attacks involving the infamous Emotet botnet. The new version uses a new module to pilfer credit card information stored in the Chrome browser. The campaign was active from April 4 to 19. The email subjects used by the attackers were simple words such as ‘Salary.’

Botnets march toward Linux-based Atlassian server
Linux servers running unpatched Atlassian Confluence Server and Data Center were found to be targeted by multiple botnet operators, namely Kinsing, Hezb, and Dark.IoT. The three groups are known for infiltrating vulnerable Linux servers to deploy backdoors and cryptominers. Since the release of PoC exploits, security experts have observed an almost ten-fold increase in active exploitation.

Bypassing 2FA by intercepting OTPs
Cyble exposed bot-based caller ID spoofing techniques used by cybercriminals to bypass 2FA and steal users' one-time passwords. A majority of the interception services observed provided a user interface through Telegram- and Discord-based bots. Once the OTP reaches the bot operators, they can illegally access the compromised account.

Top Vulnerabilities Reported in the Last 24 Hours


Owl Labs patches critical flaws
Video conferencing company Owl Labs has fixed a severe bug impacting its Meeting Owl Pro and Whiteboard Owl devices. An attacker within Bluetooth range can abuse the bug to turn a compromised device into a rogue access point. Security researchers at Modzero discovered five different vulnerabilities in Owl's devices; the remaining flaws will be resolved in future updates.

AsyncRAT meets Follina
Follina, the recently disclosed Windows vulnerability tracked as CVE-2022-30190, is being abused by several malware families, including AsyncRAT. Unfortunately, the flaw in the Microsoft Support Diagnostic Tool affects all supported versions of Windows. For now, only advisories and workarounds are available to mitigate the vulnerability; a patch is still being developed.

Top Scams Reported in the Last 24 Hours


Malvertising pushes fake Firefox update
Malwarebytes unearthed a malvertising campaign leading to a fake Firefox update. Researchers noted that the malvertising infrastructure is essentially the same one that has been in use since late 2019. The campaign was distinctive in that, in some cases, the attackers took a jibe at the very ad networks they were abusing by naming their malvertising gates after those networks, or after other ad networks.

Million-dollar worth of ad scams rock Facebook
Researchers with PIXM laid bare a massive phishing scam that abused Facebook and Messenger to trick millions of users into entering their account credentials while forcing them to view advertisements. While Facebook had preventive measures in place to curb the dissemination of phishing URLs, the cybercriminals were able to bypass these protections.

Tags

facebook users
emotet botnet
malvertising campaigns
zero click
bluetooth attack
telegram bots
elrond foundation
darkiot
2fa bypass
asyncrat
kinsing malware
fake firefox update
atlassian confluence servers
ukraine attack
chrome browser
account credentials
egld
owl labs
hezb botnet
maiar exchange
follina

Posted on: June 09, 2022
