
Cyware Daily Threat Intelligence, June 21, 2022


CISA has published three advisories covering critical flaws in products from Cumming, Georgia-based ICS vendor AutomationDirect. Left unpatched, the flaws could let attackers make unauthorized changes to targeted devices and mount a range of further attacks. Meanwhile, Log4Shell is back in the limelight after the AvosLocker group exploited it in VMware Horizon Unified Access Gateways.

Furthermore, a voicemail-themed phishing campaign is targeting organizations in software security, the military, healthcare, pharmaceuticals, and the manufacturing supply chain. Its aim is to steal the victims' Microsoft credentials.


Top Breaches Reported in the Last 24 Hours


Millions impacted at a Michigan bank
A cyberattack on Flagstar Bank exposed the personal data of more than 1.5 million customers following an unauthorized intrusion into its network. The incident occurred in December 2021, but the bank only recently determined that the intruders had accessed and stolen sensitive customer details, including full names and Social Security numbers.

Modern web applications leak ‘secrets’
RedHunt Labs found millions of websites, including popular domains, leaking over 1.6 million secrets, such as embedded API keys, cryptographic secrets, and other credentials, inside JavaScript files served as client-side source code. Anything shipped to the browser is readable by anyone who loads the page, so a leaked key can open a path from a single compromised business account to lateral movement across the network and, ultimately, heavy financial losses.
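The class of leak described above is easy to check for in your own bundles. The following is an added example, not RedHunt Labs' scanner: it runs a few prefix-based patterns (AWS access key IDs, GitHub and Slack tokens, PEM private-key headers) plus a generic `key = "..."` rule over a JavaScript file, and uses Shannon entropy to discard placeholder values that the generic rule would otherwise report. SAMPLE_JS is a constructed bundle and every credential-looking value in it is fake.

```python
"""Scan a client-side JavaScript bundle for embedded secrets.

Added example for the RedHunt Labs item above; this is not RedHunt Labs' scanner.
SAMPLE_JS is a constructed bundle and every credential-looking value in it is fake.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Secret formats with a fixed prefix are matched directly. The generic rule catches
# assignments such as `apiKey: "..."`; its hits are filtered by entropy because
# placeholders like "changeme" are far more common in bundles than live keys.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
    ),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str
    line: int


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random keys sit well above 3, prose and
    placeholders below it."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_js(source: str, min_entropy: float = 3.0) -> list[Finding]:
    """Return each distinct secret-looking value with the line it first appears on."""
    findings: list[Finding] = []
    seen: set[str] = set()
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                if kind == "generic_assignment":
                    value = match.group(2)
                    # Drop low-entropy placeholders and values a specific rule already reported.
                    if shannon_entropy(value) < min_entropy:
                        continue
                    if any(value in v or v in value for v in seen):
                        continue
                else:
                    value = match.group(0)
                if value in seen:
                    continue
                seen.add(value)
                findings.append(Finding(kind, value, lineno))
    return findings


SAMPLE_JS = r"""// constructed sample bundle; every credential-looking value is fake
const config = { apiKey: "AIzaSy-fakeEXAMPLEkey0123456789abcdef", env: "prod" };
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
const secret = "changemechangeme";
var token = "xoxb-000000000000-000000000000-FAKEfakeFAKEfakeFAKE";
const PEM = "-----BEGIN RSA PRIVATE KEY-----\nMIIEfake";
function login(u, p) { return fetch("/api/login", { body: JSON.stringify({ u, p }) }); }
"""

if __name__ == "__main__":
    for f in scan_js(SAMPLE_JS):
        # Print a redacted prefix only; a scanner's own output should not re-leak the key.
        print(f"line {f.line}: {f.kind} {f.value[:6]}...")
```

On the sample bundle the scanner reports the Google-style API key, the AWS access key ID, the Slack token, and the PEM header, and ignores the `changemechangeme` placeholder; the Slack token is reported once even though both the specific and the generic rule match it. In a real pipeline, point this at the built bundle (after minification) rather than the source tree, since that is what the browser, and therefore any attacker, actually receives.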

New leak site publishes data
A site called BidenCash reportedly published names, residential addresses, phone numbers, email addresses, credit card details, and more, offering the records for sale starting at $0.15 each. It features a filtering system that lets other cybercriminals find and hand-pick the stolen cards suited to their campaigns: one can search by country or bank, or by details such as CVV, email, card type, address, or name.

Top Malware Reported in the Last 24 Hours


AvosLocker exploits Log4Shell in VMware
Cisco Talos uncovered a month-long AvosLocker campaign that exploited the Log4Shell flaw in a pair of vulnerable VMware Horizon Unified Access Gateways. Cisco products that had not been properly configured made it easier for the attackers to reach internal servers and establish persistence. The attackers used several penetration-testing tools, including Cobalt Strike, Sliver, and multiple commercial network scanners.

Top Vulnerabilities Reported in the Last 24 Hours


CISA warns against AutomationDirect vulnerabilities
Organizations in the U.S. have been urged to patch several high-severity vulnerabilities in some of AutomationDirect's PLC and HMI products. The bugs can cause a denial-of-service condition, allow arbitrary code execution with elevated privileges, enable man-in-the-middle attacks, and more.
A patch has been issued with the release of firmware version 6.73.

DFSCoerce: A Windows NTLM relay attack
Security researcher Filip Dragovic released a PoC for a new NTLM relay attack called DFSCoerce. The attack abuses Microsoft's Distributed File System Namespace Management protocol (MS-DFSNM) to coerce a domain controller into authenticating to an arbitrary server chosen by the attacker. Relaying that authentication, for example to Active Directory Certificate Services (AD CS), can let an attacker take over the entire Windows domain. The usual NTLM relay hardening applies: enforce Extended Protection for Authentication and require HTTPS on AD CS web enrollment, require SMB and LDAP signing, and disable NTLM wherever it is not needed.
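Because MS-DFSNM is carried over the `\PIPE\netdfs` named pipe, a coercion attempt leaves a trace on the domain controller as a Windows Security event 5145 (Detailed File Share) showing IPC$ access to `netdfs`. The detection logic below is an added example, not Filip Dragovic's PoC, and contains no coercion code; it assumes 5145 records exported to JSON with their standard field names, and the hostnames, addresses and account names in SAMPLE_EVENTS are constructed.

```python
"""Flag DFSCoerce-style MS-DFSNM pipe access in Windows Security event 5145 records.

Added example for the DFSCoerce item above. It is detection logic, not Filip
Dragovic's PoC, and contains no coercion code. The records in SAMPLE_EVENTS are
constructed to resemble event ID 5145 (Detailed File Share) fields as exported
to JSON by a log forwarder; the hostnames, addresses and accounts are made up.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# MS-DFSNM (the interface DFSCoerce calls) is reached over the \PIPE\netdfs endpoint,
# which shows up in event 5145 as an IPC$ access with RelativeTargetName "netdfs".
NETDFS_PIPE = "netdfs"
IPC_SHARE = r"\\*\IPC$"


@dataclass(frozen=True)
class Alert:
    source_ip: str
    account: str
    computer: str
    reason: str


def is_dfsnm_pipe_access(event: dict) -> bool:
    """True when a 5145 record shows a client opening the netdfs pipe on IPC$."""
    if str(event.get("EventID", "")) != "5145":
        return False
    if event.get("ShareName", "").upper() != IPC_SHARE.upper():
        return False
    target = event.get("RelativeTargetName", "").strip("\\").lower()
    return target == NETDFS_PIPE


def detect_dfscoerce(events: Iterable[dict],
                     allowed_sources: frozenset[str] = frozenset()) -> list[Alert]:
    """One alert per netdfs pipe access from a source not in the allowlist.

    DFS namespace management is legitimately driven from a few admin hosts (the
    DFS Management console, automation); those go in allowed_sources. The coercion
    signature is any other host, authenticating as an ordinary domain user,
    opening the pipe on a domain controller.
    """
    alerts: list[Alert] = []
    for ev in events:
        if not is_dfsnm_pipe_access(ev):
            continue
        src = ev.get("IpAddress", "")
        if src in allowed_sources:
            continue
        account = f"{ev.get('SubjectDomainName', '')}\\{ev.get('SubjectUserName', '')}"
        alerts.append(Alert(src, account, ev.get("Computer", ""),
                            "netdfs named pipe opened from a non-allowlisted host"))
    return alerts


# Constructed records (not real telemetry). "Computer" is the DC that logged the event.
SAMPLE_EVENTS = [
    {"EventID": 5145, "Computer": "DC01.corp.example", "SubjectDomainName": "CORP",
     "SubjectUserName": "dfsadmin", "IpAddress": "10.0.0.55", "ShareName": r"\\*\IPC$",
     "RelativeTargetName": "netdfs", "AccessMask": "0x12019f"},
    {"EventID": 5145, "Computer": "DC01.corp.example", "SubjectDomainName": "CORP",
     "SubjectUserName": "jsmith", "IpAddress": "10.0.0.200", "ShareName": r"\\*\IPC$",
     "RelativeTargetName": "netdfs", "AccessMask": "0x12019f"},
    {"EventID": 5145, "Computer": "DC01.corp.example", "SubjectDomainName": "CORP",
     "SubjectUserName": "jsmith", "IpAddress": "10.0.0.200", "ShareName": r"\\*\IPC$",
     "RelativeTargetName": "srvsvc", "AccessMask": "0x12019f"},
    {"EventID": 5145, "Computer": "DC01.corp.example", "SubjectDomainName": "CORP",
     "SubjectUserName": "WS07$", "IpAddress": "10.0.0.70", "ShareName": r"\\*\SYSVOL",
     "RelativeTargetName": r"corp.example\Policies\gpt.ini", "AccessMask": "0x100081"},
    {"EventID": 4624, "Computer": "DC01.corp.example", "SubjectUserName": "-",
     "IpAddress": "10.0.0.200", "LogonType": 3},
]

# Hosts from which DFS namespace administration is expected (assumed for the example).
ADMIN_HOSTS = frozenset({"10.0.0.55"})

if __name__ == "__main__":
    for a in detect_dfscoerce(SAMPLE_EVENTS, ADMIN_HOSTS):
        print(f"{a.computer}: {a.reason} ({a.account} from {a.source_ip})")
```

On the sample data only the `jsmith` access from 10.0.0.200 is flagged; the same user opening `srvsvc` and the admin host's legitimate `netdfs` access are ignored. Event 5145 is only written when the "Audit Detailed File Share" subcategory is enabled on the domain controllers, which is noisy, so scope it to DCs and tune the allowlist before alerting on it.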

Top Scams Reported in the Last 24 Hours


Sensitive sectors on the radar
Researchers at Zscaler ThreatLabz reported a voicemail-themed phishing campaign targeting victims in key U.S. vertical markets, with the goal of stealing their Office 365 and Outlook credentials. Both the emails and the credential-harvesting pages are crafted to closely imitate the legitimate entities they impersonate. Zscaler itself was among the organizations targeted.

Tags

dfscoerce
vmware esxi
automationdirect
log4shell attacks
ntlm relay attack
webapps leak
office365
vmware horizon unified access gateways
flagstar bank
voicemail phishing scam
avoslocker
bidencash

Posted on: June 21, 2022

