Go to listing page

Cyware Daily Threat Intelligence, March 25, 2022

Cyware Daily Threat Intelligence, March 25, 2022

Share Blog Post

Zero-day attacks are intimidating as they give hackers a unique opportunity to bypass cybersecurity defenses. In the past 24 hours, researchers came across two sophisticated attack campaigns, named Operation Dream Job and Operation AppleJeus, that targeted several organizations located in the U.S. The attacks were launched by North Korean hackers and leveraged a zero-day remote code execution flaw in the Chrome browser.

Another massive campaign targeting 40 popular cryptocurrency wallets was also uncovered in the last 24 hours. The campaign is active since May 2021 and leverages Telegram channels to disseminate malicious apps to users. In another threat, Honda cars manufactured between 2016 and 2020 are at risk of Man-in-the-Middle attacks as security experts discovered a new worrying flaw.

Top Breaches Reported in the Last 24 Hours

U.S. organizations targeted
North Korean hackers exploited a zero-day RCE vulnerability (CVE-2022-0609) in the Chrome web browser to launch attacks against organizations in the U.S. These attack campaigns were named Operation Dream Job and Operation AppleJeus. While Operation Dream Job targeted over 250 individuals working in 10 different news media, domain registrars, web hosting providers, and software vendors, Operation AppleJeus affected over 85 users in cryptocurrency and fintech industries.

Heriot-Watt coping with a breach
Heriot-Watt University is dealing with a security breach that occurred in the first half of March. The staff and student directories remain unavailable. The university is working closely with security experts and law agencies to strengthen its security.  

Top Malware Reported in the Last 24 Hours

Trojanized apps distributed
Researchers uncovered a new campaign that seeks to distribute malicious Android and iOS apps posing as popular cryptocurrency wallets. The campaign is believed to be active since May 2021. So far, the apps have managed to steal victims’ secret seed phrases by impersonating Coinbase, imToken, MetaMask, TrustWallet, Bitpie, TokenPocket, and OneKey. A majority of users in China are affected by the campaign.

Top Vulnerabilities Reported in the Last 24 Hours

Western Digital fixes a flaw
Western Digital updated its firmware following the discovery of a new remote code execution vulnerability in My Cloud OS. Tracked as CVE-2022-23121, the flaw exists in the parse-entries function of Netatalk Service (included in My Cloud OS). It has a CVSS score of 9.8.

Vulnerable Tekon controllers
Research reveals that more than 100-exposed Tekon building controllers can be exploited to remotely hack equipment used by organizations in Russia. The devices can be hacked due to the use of default credentials that provide access with admin privileges to the Tekon controller’s user interface.

Faulty car models
A vulnerability found in Honda car models can allow a hacker to launch a Man-in-the-Middle attack to unlock a car and even start its engine from a short distance. The vulnerability, tracked as CVE-2022-27254, affects older versions of Honda cars manufactured between 2016 and 2020.

Top Scams Reported in the Last 24 Hours

Morgan Stanley’s customers phished
Accounts of some customers associated with the wealth and asset management division of Morgan Stanley have been compromised following a vishing attack.  The scammers impersonated the banking firm and convinced the users into sharing their banking and login credentials. After successfully breaching the accounts, the scammers electronically transferred money to their own bank accounts via the Zella payment service.

 Tags

western digital
operation dream job
morgan stanley
chrome web browser
operation applejeus
heriot watt university

Posted on: March 25, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.