
Cyware Daily Threat Intelligence, May 31, 2022


Microsoft has issued a workaround for Follina, the high-severity bug in the Microsoft Office productivity suite that we reported yesterday. Unsecured databases continue to make the cyber landscape more vulnerable to security incidents. From staff data to source code details to plain-text passwords and secret keys, a Turkish airline was found exposing it all online.

The U.S. tax season is here and scammers look excited. One such group was seen impersonating Intuit support teams to steal personal data or install malware on infected devices.


Top Breaches Reported in the Last 24 Hours


Turkish airline exposes confidential data
SafetyDetectives reported that Pegasus Airlines, a low-cost Turkish airline, inadvertently exposed nearly 6.5TB of records in all. The data contained the PII of the flight crew alongside Electronic Flight Bag (EFB) information and other sensitive information, such as source code and flight data. The exposure occurred due to a misconfigured AWS bucket. Experts surmised that the leak may have given threat actors access to critical data and the ability to tamper with it.

Medical data compromised in Australia
CTARS, a Sydney-based software and analytics provider for the disability and care sectors, suffered a breach of its cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers. Reports claim that a large chunk of sensitive data was stolen during the incident, which began on May 15.


Top Malware Reported in the Last 24 Hours


XLoader gets an upgrade
Researchers at CPR came across a new version of XLoader (v2.6) that has significant modifications in key parts of the malware. Given a long emulation time, a sample of the newer version accesses more than 16 domains, unlike earlier versions. The main update in XLoader concerns network communication.


Top Vulnerabilities Reported in the Last 24 Hours


Microsoft addresses a critical flaw
A zero-day allowing code execution in Office products, tracked as CVE-2022-30190, has received a temporary workaround from Microsoft, though not yet a patch. Microsoft has shared mitigation measures with which admins and users can block attempts to exploit the flaw by disabling the MSDT URL protocol. It is also advised to disable the Preview pane in Windows Explorer.


Top Scams Reported in the Last 24 Hours


QuickBooks accounts on target
A new QuickBooks phishing campaign has been discovered in the wild that can steal users’ account information. Its success relies on users falling for account suspension messages. With Intuit's QuickBooks having 4.5 million users globally, it looks like a major threat, especially around the tax season in the U.S.


Posted on: May 31, 2022

