Go to listing page

Cyware Daily Threat Intelligence, May 03, 2022

Cyware Daily Threat Intelligence, May 03, 2022

Share Blog Post

Several critical vulnerabilities are in the spotlight today for putting organizations and devices at risk of cyberattacks. Researchers at Armis have disclosed a set of five new vulnerabilities, known as TLStorm 2.0, that could be abused to take full control of network switches used across airports, hospitals, hostels, and enterprises. A newly found Augury vulnerability impacting Apple’s latest M1 and A14 Bionic chips has also surfaced recently, although researchers claim there is currently little cause for concern.

Furthermore, millions of IoT devices are exposed to DNS poisoning attacks due to an unpatched flaw in all versions of the uClibc and uClibc-ng library. Successful exploitation of the flaw can also lead to Man-in-the-Middle attacks.

Top Breaches Reported in the Last 24 Hours


Sixt hit by a cyberattack
Car rental giant Sixt has been hit by a cyberattack that affected certain parts of its IT infrastructure. The firm announced that an investigation is in progress to understand the scope of the attack.

Phishing attack observed
A new phishing attack leveraging Google’s SMTP relay service has been detected delivering phishing emails to users. The end goal of the attack is to bypass spam detections and trick users into opening a malicious link or downloading a malicious file to steal user credentials.

Riviera Utilities’ data breached
A data breach at Riviera Utilities exposed the personal information of customers after the email accounts of some of its employees were compromised. Exposed details include personal information, such as Social Security Numbers, driver’s license numbers or state identification numbers, passport details, and health insurance information. Investigation reveals that the email accounts were accessed on or about October 17, 2021.

Top Vulnerabilities Reported in the Last 24 Hours


New Augury flaw
Researchers have released details of an Apple Silicon vulnerability called Augury. It exists in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP). The microarchitectural flaw affects the M1, M1 Max, and A14 Bionic chips from Apple.

TLStorm 2.0
Researchers at Armis have found a set of five new vulnerabilities in Aruba and Avaya network infrastructure equipment. Dubbed TLStorm 2.0, the flaws exist in the implementation of TLS communications in multiple models of network switches. It is a variant of the original TLStorm vulnerabilities discovered earlier this year. Patches have been issued to address the flaws.

Flaws in Accusoft ImageGear
Two new vulnerabilities have been patched in Accusoft ImageGear. One of these is tracked as CVE-2022-23400 and can allow an attacker to launch a DoS attack inside the application by overflowing the stack buffer. Another flaw is tracked as CVE-2022-22137 and can be abused to corrupt memory on the application and cause an arbitrary use-after-free condition.

Unpatched DNS bug
Nozomi Networks Labs discovered a vulnerability affecting the Domain Name System (DNS) implementation of all versions of uClibc and uClibc-ng. The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library which may allow attackers to perform DNS poisoning attacks against the target device. The vulnerability still remains unpatched.

New Threat in Spotlight


UNC3524 associated with QUIETEXIT malware
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. The APT group primarily targets employees that focus on corporate development, mergers, and acquisitions, and large corporate transactions. It also uses a backdoor, tracked as QUIETEXIT, that borrows code from the open-source Dropbear SSH client-server software, in order to maintain persistence on infected networks.

 Tags

augury vulnerability
man in the middle attacks
dns poisoning attacks
riviera utilities
googles smtp relay service
tlstorm 20
sixt

Posted on: May 03, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.