Go to listing page

Cyware Daily Threat Intelligence, September 01, 2022

Cyware Daily Threat Intelligence, September 01, 2022

Share Blog Post

With billions of active users on TikTok, the platform cannot afford bugs that could compromise their accounts. However, security experts have observed a serious security lapse in the TikTok app for Android that could be abused to mount account takeover threats against its users. Fortunately, no instance of exploitation was reported or found by the researchers. In other news, a hacker was reportedly seen offering to sell a couple of iOS zero-day exploits for 2.5 million. Nothing to worry about as Apple has patched the bug. 

The gaming sector has been a stronghold for cyber adversaries. If you’re a Final Fantasy 14 lover, you are warned about phishing texts that expect you to blabber account credentials through malicious QR codes.

Top Breaches Reported in the Last 24 Hours


OTP victim tally reaches over 1.5 million
Data of over 130,000 individuals enrolled with Common Ground Healthcare Cooperative has likely been accessed by ransomware actors through its mailing vendor, OneTouchPoint (OTP). Previously, the vendor had issued a notice about the breach impacting 1.07 million individuals across nearly 30 health plans. The recent disclosure from CGHC and other healthcare services took the victim count to over 2.7 million.

Migration policy organization hacked
The International Centre for Migration Policy Development (ICMPD), which operates in about 90 countries, disclosed a breach event. The investigation to understand the scope of damage in terms of data stolen or accessed is ongoing. Meanwhile, hackers claimed to have stolen 375 GB of confidential data, such as contract scans, financial and insurance documents, invoices, passports, mailboxes of key members, and more.

Breach at Chile’s Ministry of Interior
The online services of National Consumer Service (Sernac), Chile, were disrupted in the wake of a ransomware attack. Hacker targeted both Windows and VMware ESXi servers and encrypted files were renamed with the .crypt extension. To prevent other organizations from similar attacks, authorities have made public some Indicators of Compromise (IoC). 

Top Malware Reported in the Last 24 Hours


MiniStealer’s builder and panel for free
A cybercriminal, according to Cyble Research and Intelligence Labs, has released MiniStealer’s builder and panel on a cybercrime forum at no cost. Such builders help less experienced hackers create malicious payloads. However, Ministealer has been observed to compromise FTP applications and Chromium-based browsers. The seller alleges that the builder can be used against Windows 7, Windows 10, as well as Windows 11.

Top Vulnerabilities Reported in the Last 24 Hours


TikTok vulnerability threatens account-takeover 
Microsoft’s 365 Defender Research Team uncovered a security glitch in the TikTok app for Android that could be abused by hackers to hijack any user account just by clicking on a specially crafted link. The researchers managed to bypass a verification process to potentially weaponizable some functions within the app. So far, there’s no evidence it was exploited by bad actors.

Watchguard Firewall bugs patched
Multiple security bugs in two main WatchGuard firewalls - WatchGuard Firebox and XTM Appliances. Rated medium to critical severity, these flaws opened the scope for a variety of appliance abuse. Two of the flaws in combination could let an attacker obtain pre-authentication remote root access in affected appliances. The other three flaws were blind Xpath injection, integer overflow, and privilege escalation.

Apple fixes WebKit issue
Patches for older iPhone and iPad devices were released in the light of an actively exploited vulnerability, tracked as CVE-2022-32893. It impacts WebKit and can be manipulated to achieve arbitrary code execution as soon as a user visits a malicious website via crafted web content. Another zero-day identified as CVE-2022-32894, also a code execution flaw, was addressed by the firm.

Top Scams Reported in the Last 24 Hours


QR code phishing scam
Online role-playing game Final Fantasy 14 has recently been targeted by cybercriminals sending direct messages to other players. The scam involves redirecting victims to image hosting services containing screenshots of a fake tweet from the official Final Fantasy 14 account. The tweet has a bogus QR code that takes the victim to a fake login portal for obtaining their credentials.

 Tags

google chrome 105
cve 2022 32894
international centre for migration policy development icmpd
sql injection bugs
xpath injection
watchguard firebox
ministealer
tiktok
wordpress cms
ios 12
common ground healthcare cooperative
national consumer service
cve 2022 32893
watchguard xtm appliances

Posted on: September 01, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.