Cyware Daily Threat Intelligence, June 24, 2022

Log4Shell continues to haunt organizations in the U.S., as government agencies highlighted several incidents of various hacker groups, including an APT, trying to penetrate enterprise networks. Meanwhile, threat actors behind scalper bots made it extremely challenging for the Israeli government to deliver public services by faking hundreds of thousands of appointment requests.

In another update, Google has pointed to an Italian firm as the developer of the Hermit spyware, which can infect both iOS and Android. For now, its victims are in Italy and Kazakhstan.


Top Breaches Reported in the Last 24 Hours


Extortion attack hits Brazilian retail
Cyber adversaries claimed to have breached the networks of Sao Paulo-based retail company Fast Shop and stolen terabytes of data. The group was able to take over the retailer’s Twitter account and could push its website and app into a shutdown. There’s no information on which extortion group was behind the attack.

More victims at a healthcare facility
Indiana University Health revealed that the sensitive information of its patients was leaked in a cyber incident at MCG Health in 2020. Exposed data include names, SSNs, medical codes, full addresses, contact numbers, email addresses, gender details, and more.

Top Malware Reported in the Last 24 Hours


Scalper bots cause mayhem in Israel
Akamai researchers reported an army of scalper bots trained to secure appointments for public services offered by the Israeli government. Affected areas of services include passport renewal, transport, utilities, the post office, and national insurance. Hackers scheduled more than 700,000 fake appointments, creating a months-long backlog at the Ministry of Interior.

Google warns of Hermit spyware
According to Google Threat Analysis Group, Hermit, an enterprise-grade spyware strain, is targeting Android and iOS mobile device users in Italy and Kazakhstan. The spyware can steal a plethora of information such as SMS messages, contact lists, call logs, and photos, while also exfiltrating the GPS location data of a user.

Top Vulnerabilities Reported in the Last 24 Hours


CISA alert on Log4Shell
CISA, along with other agencies, urged organizations to patch the Log4Shell flaw in VMware Horizon and Unified Access Gateway servers. The bug, CVE-2021-44228, was recently exploited by a suspected APT actor to deploy loader malware on targeted systems. In another incident, CISA was forced to conduct an onsite incident response engagement.

Patch arrived after six months
Security researchers have uncovered more details on a critical Fusion Middleware vulnerability in Oracle systems. Identified as CVE-2022-21445, the flaw could be exploited for arbitrary code execution. It impacts all applications that rely on ADF Faces such as Business Intelligence, WebCenter Portal, Application Testing Suite, Identity Management, SOA Suite, and more.

Top Scams Reported in the Last 24 Hours


Hackers use COVID-19 lure
Cybercriminals were found impersonating the U.K.’s NHS and sending fraudulent SMS messages about individuals being infected by the Omicron variant of COVID-19. They urge potential victims to order a test kit, which costs £0.99 or $1.21 for postage. Scammers have leveraged different domains in their scam messages.

Posted on: June 24, 2022

