Go to listing page

Cyware Daily Threat Intelligence, March 03, 2022

Cyware Daily Threat Intelligence, March 03, 2022

Share Blog Post

The Russia-Ukraine crisis has led to a cyber conflict that is taking new turns with every passing day. Certain threat actors—who are supporters of the Russian government—have attacked WordPress-hosted sites of Ukrainian education institutions more than 100,000 times ever since the recent beginning of the conflict. Besides, the Ukrainian Ministry of Defense was targeted with a DDoS attack by DanaBot operators.

Meanwhile, several vulnerabilities were discovered by security researchers around the globe in the past 24 hours. Remote code execution bugs in VoIP apps and a blogging platform, and critical vulnerabilities in two Cisco products were among the new security flaws disclosed.


Top Breaches Reported in the Last 24 Hours

University websites hacked
More than 30 WordPress-hosted Ukrainian university websites have been hacked in a targeted massive attack. The threat actors support Russia and are identified as the ‘Monday Group.’ In 24 hours, more than 100,000 attacks were launched on Ukrainian education institutions. 


Top Malware Reported in the Last 24 Hours

DDoS attack against Ukrainian Ministry of Defense
A threat actor has launched a DDoS attack using DanaBot against the Ukrainian Ministry of Defense’s webmail server. The attack was launched to deliver a second-stage malware payload leveraging the download and execute command.


Top Vulnerabilities Reported in the Last 24 Hours

Bugs in VoIP apps
Five memory-corruption vulnerabilities were discovered in open-source PJSIP, which supplies an API used by VoIP phones and conference apps. The flaws can be exploited for remote code execution (RCE) in applications that use the PJSIP library. JFrog Security recommends upgrading PJSIP to version 2.12 to address the flaws.

Vulnerable medical infusion pumps
Data collected from over 200,000 medical infusion pumps reveal that 75% of them have vulnerabilities that hackers could exploit. The report shows that tens of thousands of devices are vulnerable to six critical-severity flaws reported in 2019 and 2020.

Cisco patches critical vulnerabilities
Cisco announced patches that address a couple of critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server unified communications products. Tracked as CVE-2022-20754 and CVE-2022-20755, with a CVSS score of 9.0, the two vulnerabilities can be exploited by attackers to write files or execute code on the underlying operating system with root privileges. 

RCE vulnerability uncovered in Hashnode
A remote code execution attack chain caused due to a local file inclusion bug in Hashnode, a blogging platform, has been discovered by security researchers. The local file inclusion vulnerability allowed users to fetch internal server files.

 Tags

hashnode
pjsip library
cisco expressway
danabot trojan
cisco telepresence
medical infusion pumps
ukrainian universities
ddos attacks

Posted on: March 03, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.