Go to listing page

Cyware Daily Threat Intelligence, May 18, 2022

Cyware Daily Threat Intelligence, May 18, 2022

Share Blog Post

Windows servers are the heart of many corporate networks and that’s why they often face threats from cyber adversaries. For instance, researchers have unmasked at least two campaigns that compromised the security of Microsoft SQL servers. A Kingminer botnet attack could be involved in one of the campaigns against servers.

Moving on, millions of Wordpress websites suffer the risk of exploitation owing to a vulnerability in the Tatsu Builder plugin. In other news, NVIDIA patched critical flaws in its GPU drivers and advised users to apply the released updates as soon as possible.


Top Breaches Reported in the Last 24 Hours 


22 million Malaysians exposed
An investigation has been launched into an alleged breach that blurted out the data of 22.5 million Malaysians born between 1940 and 2004. Records were purportedly stolen from the National Registration Department. The leaked personal data may include names, identity card numbers, addresses and photographs, as well as data from the Election Commission website.


Top Malware Reported in the Last 24 Hours 


Kingminer enters Microsoft SQL server
Trend Micro experts ??observed suspicious activities in a client’s Microsoft SQL server wherein they found an obfuscated PowerShell command being created. Many of the TTPs suggested that the Kingminer botnet could be behind this attempt.

Microsoft systems under threat from SuspSQLUsage
Microsoft uncovered a malicious campaign targeting SQL servers using a malware dubbed SuspSQLUsage. Attackers leverage a built-in PowerShell binary to achieve persistence on compromised systems. However, for initial compromise, they rely on brute-force tactics.

UpdateAgent returns with an update
The Jamf Threat Labs team discovered a new variant of the macOS malware tracked as UpdateAgent. First detected in late 2020, the Swift-based dropper imitates Mach-O binaries named "PDFCreator" and "ActiveDirectory" to establish a connection to a remote server.


Top Vulnerabilities Reported in the Last 24 Hours 


Flawed Tatsu Builder plugin
WordPress websites are at potential risk of cyberattacks after a large-scale attack abusing an RCE flaw in the Tatsu Builder plugin, tracked as CVE-2021-25094, was reported. Threat actors peaked with 5.9 million attempts per day on May 14. The extension is estimated to have between 20,000 and 50,000 installations.

NVIDIA fixed ten flaws 
NVIDIA addressed four high-severity and six medium-severity vulnerabilities in its GPU drivers that were concerning a range of graphics card models. The fixed flaws could lead to denial of service, data exposure, privilege escalation, arbitrary code execution, and more. The four high-severity flaws include CVE-2022-28181, CVE-2022-28182, CVE-2022-28183, and CVE-2022-28184.

Data insecure in Tesla Model 3, Y
Researchers at the NCC Group devised an attack tool that leverages Bluetooth Low Energy (BLE) technology to bypass existing protections on target devices. This jeopardizes the security of a wide spectrum of products, such as laptops, smartphones, smart locks, building access control systems, and even systems inside cars like Tesla Model 3 and Model Y.

 Tags

nvidia graphics drivers
tesla cars
wordpress site
ble attack
mssql servers
suspsqlusage
tatsu builder plugin
kingminer botnet
updateagent
malaysian citizens

Posted on: May 18, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.