Go to listing page

Cyware Daily Threat Intelligence, May 24, 2022

Cyware Daily Threat Intelligence, May 24, 2022

Share Blog Post

A Chrome extension with video-capturing capabilities poses threat to tens of millions of users due to a flaw using which a hacker can secretly turn on their systems’ camera. The patch released for it earlier in February didn’t seem to fix the issue. Meanwhile, millions of others fell victim to cyberattack incidents at General Motors and MGM Resorts International.

Security analysts spotted two new ransomware variants for Nokoyawa and Chaos ransomware, in two separate reports. The former is relying on publicly available sources to augment performance, whereas the latter has broadened its gamut for file encryption.


Top Breaches Reported in the Last 24 Hours


Credential stuffing at GM
U.S. automobile giant General Motors confirmed suffering a credential stuffing attack last month that impacted its customer information. Further, the hackers were able to redeem gift card reward points. The firm has advised victims to review their credit reports and initiate a security freeze if they see some irregularities.

Zola accounts compromised
A hacker group infiltrated the networks of the wedding planning website Zola through a credential stuffing attack to access the user accounts. They attempted to initiate fraudulent cash transfers. According to reports, Zola does not currently offer two-factor authentication (2FA) for its users.

MGM Resorts Customers’ PII on Telegram
vpnMentor has reported that approximately 142 million records of customers of MGM Resorts International were leaked on Telegram in four storage files. The dumps include personal data such as names, postal addresses, phone numbers, email addresses, and dates of birth of millions of people. Hackers claimed the leak encompasses at least 30 million people.


Top Malware Reported in the Last 24 Hours


New Nokoyawa ransomware variant
Fortinet has observed a new variant of Nokoyawa ransomware targeting Windows users. Researchers confirm that it is reusing code from publicly available sources to become more effective. The samples from April contained three new features to maximize the encryption of files. Besides, the latest variant deletes volume snapshots by resizing the allocated space for snapshots of volume shadow copies to one byte.

Scope of encryption widens with Chaos 4.0
The BlackBerry team has discovered the latest version of the Chaos ransomware dubbed Yashma. Since its discovery in June 2021, Chaos has undergone five successive iterations for improving its functionalities. The variant, also known as Chaos 4.0, has expanded its upper limit of files to encrypt to 2.1MB.


Top Vulnerabilities Reported in the Last 24 Hours


XSS flaw cripples Screencastify
Screencastify is a popular Chrome extension meant to capture and share videos from websites. The extension was found containing a bug that can trigger cross-site scripting attacks. This can cause an arbitrary website to turn on users’ webcams without their knowledge. Although this flaw was reported and patched in February, it doesn’t properly ensure the security of over 10 million users.

Yik Yak’s long-awaited patch
Anonymous social network platform Yik Yak delivered a patch for a vulnerability reported by two researchers independently in a month’s gap. The vulnerability made it possible for a stalker to locate a user’s home address by intercepting HTTP requests from the client using the open-source Mitmproxy tool.


Top Scams Reported in the Last 24 Hours


Physical abuse scam on dating apps
Bleeping Computer highlighted that scammers are now acting as former victims of physical abuse on dating apps like Tinder and Grindr. By doing so, they tend to gain a potential target’s trust and sympathy and pitch fraudulent ID verification services. This may land the victim on a fake site where they are asked to pay a nominal fee for signing up for an account.


New Threat in Spotlight


Pre-hijacking of accounts
A researcher from Microsoft Security Response Center and an independent researcher warned that cybercriminals are abusing vulnerabilities that were already fixed for platforms like Instagram, LinkedIn, Zoom, WordPress, and Dropbox. These bugs can be exploited to hijack the online accounts of users even before they create or register them.

 Tags

dating apps
chaos ransomware
nokoyawa ransomware
zola
credential stuffing attack
yik yak
general motors gm
tinder
telegram
mgm resorts international
screencastify

Posted on: May 24, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.