Cyware Daily Threat Intelligence, June 29, 2022

Amazon Photos jeopardized sensitive user data owing to a flawed component in its mobile app. The vulnerability could let an attacker harvest the Amazon access tokens used for API authentication. Separately, an UnRAR vulnerability has been found that may affect any software using it, including the Zimbra collaboration suite. The vulnerability reportedly concerns the UnRAR versions for Unix-based systems.

SOHO routers are falling victim to ZuoRAT, a new threat plaguing North American and European users. The multi-stage ZuoRAT malware can spread widely with in-depth network reconnaissance capabilities and deploy payloads using DNS and HTTP hijacking.

Top Breaches Reported in the Last 24 Hours


RansomHouse targeted AMD
As per its own claims, extortion group RansomHouse penetrated the systems of processor manufacturer AMD to steal about 450 GB of data. The group, however, said it did not breach the networks themselves but rather acted as a negotiator on behalf of its partner who allegedly attacked the firm. The stolen data trove may include research and financial information from the firm.

U.K. food distributor suffered breach
Apetito, a service that delivers prepared meals to thousands of vulnerable people in England, was hit by a sophisticated cyberattack. The frozen-food distributor isn’t yet sure what data was compromised in the attack. However, it assured customers that no payment data was involved in the incident.

Top Malware Reported in the Last 24 Hours


ZuoRAT hides within SOHO routers
A new malware, dubbed ZuoRAT, is propagating through SOHO routers as part of a sophisticated campaign aimed at networks in North America and Europe. An investigation into the case revealed that the trojan can compromise routers from multiple brands, such as ASUS, DrayTek, Cisco, and NETGEAR.

AstraLocker 2.0 spreads via Office
Researchers at ReversingLabs observed a new phishing attack dropping the AstraLocker ransomware strain through Microsoft Office files. The ransomware deployment begins as soon as the target opens the malicious file attachment. Analysis revealed that the underlying code for AstraLocker 2.0 appears to be borrowed from the Babuk ransomware source code leaked in September 2021.

Top Vulnerabilities Reported in the Last 24 Hours


UnRAR bug threatens Zimbra Suite
RARlab's UnRAR utility was found to be affected by a path traversal vulnerability in its Unix versions. Tracked as CVE-2022-30333, the bug could allow remote attackers to achieve arbitrary code execution on a vulnerable system by having it extract a maliciously crafted RAR archive. Any software or program that uses an unpatched version of UnRAR to extract archives from untrusted sources is affected by the flaw, including the Zimbra mail server.
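Path traversal during archive extraction is the class of bug described above: an entry name (or a symlink planted by an earlier entry) steers the write outside the intended directory. The following is an added example, not code from RARlab, Zimbra or the Cyware post, and it does not model the specifics of CVE-2022-30333; it shows the destination check a defender would want around any extractor, run against constructed entry names.

```python
import os
import tempfile


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would land outside the extraction root."""


def safe_extract_target(root: str, member_name: str) -> str:
    """Return the absolute path an archive member may be written to, or raise.

    Rejects absolute names, '..' components, and names whose parent directory
    resolves (through symlinks already on disk) to somewhere outside `root`.
    """
    root_real = os.path.realpath(root)
    # Defensive assumption: treat backslashes as separators too, so a
    # backslash-only traversal name is not waved through as a literal filename.
    normalized = member_name.replace("\\", "/")
    if normalized.startswith("/"):
        raise UnsafeArchiveEntry(f"absolute path rejected: {member_name!r}")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafeArchiveEntry(f"parent traversal rejected: {member_name!r}")
    target = os.path.join(root_real, *parts)
    # Resolve the parent through any symlink an earlier entry may have planted;
    # the lexical check above cannot see that kind of escape.
    parent_real = os.path.realpath(os.path.dirname(target))
    if os.path.commonpath([root_real, parent_real]) != root_real:
        raise UnsafeArchiveEntry(f"escapes root via symlink: {member_name!r}")
    return target


def demo() -> dict:
    """Run the check over constructed entry names; returns name -> verdict."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        # Simulate a symlink to the parent directory planted by an earlier entry.
        os.symlink(os.path.dirname(os.path.realpath(root)), os.path.join(root, "escape"))
        for name in ["docs/readme.txt", "./a/./b", "../../outside.txt",
                     "..\\..\\outside.txt", "/abs/path.txt", "escape/payload.txt"]:
            try:
                safe_extract_target(root, name)
                verdicts[name] = "ok"
            except UnsafeArchiveEntry:
                verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```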

High-severity flaw in Amazon Photos
Checkmarx disclosed a flaw in the Amazon Photos app for Android, which has over 50 million downloads through the Play Store. A misconfigured app component exposed its manifest file to anyone without authentication. A malicious app installed on the affected device could abuse this flaw to steal the Amazon access tokens used for Amazon API authentication.

Microsoft fixes FabricScape
Following a report by Palo Alto Networks' Unit 42 researchers, Microsoft addressed a container escape vulnerability, dubbed FabricScape, that may let attackers take control of Azure Linux clusters. Identified as CVE-2022-30137, the flaw lies in the Service Fabric (SF) application hosting platform. If exploited, it could lead to privilege escalation and affect the entire SF Linux cluster.

Posted on: June 29, 2022