
Cyware Daily Threat Intelligence, September 06, 2022

Another day, another new malware. Researchers at AT&T Alien Labs disclosed a potential malware threat, dubbed Shikitega, which is delivered via a multistage infection chain. The malware abuses vulnerabilities in compromised systems to gain privileges, maintain persistence, and execute a cryptominer. Also, read about the ongoing cyber battle between QNAP and DeadBolt. The recent development marks the fourth round of attacks by the gang on QNAP NAS appliance users since January.

Meanwhile, a privilege escalation flaw in the web CMS Squiz Matrix was reported by security researchers. It could be exploited by altering an administrator’s email to an attacker-controlled address, leading to an account takeover.

Top Breaches Reported in the Last 24 Hours

Unconfirmed TikTok breach
Several security experts claimed the leakage of over 2TB of TikTok records through a breach in its internal server. The leak allegedly includes internal statistics, code, and 790 GB worth of user data. The forum member, who uses the handle AgainstTheWest, posted screenshots as proof of the breach. It also includes data stolen from WeChat.

Ransomware cripples LA Unified School District
IT systems, including email servers, at the Los Angeles Unified School District were disrupted in the wake of a cyberattack. The attack by a ransomware group had barely any impact on critical business systems, employee healthcare, and payroll operations. More details on the incident are awaited as an investigation is underway.

Top Malware Reported in the Last 24 Hours

New malware against Linux users
Shikitega has surfaced as a new malware threat, targeting endpoints and IoT devices running Linux. The malware downloads and executes Metasploit’s Meterpreter to take control of infected machines. It is possible that an attacker can gain full control of the system and persist for cryptomining purposes. The main dropper of the malware is an ELF file of 370 bytes.

QNAP-DeadBolt lock horns, once again
QNAP has warned its customers of ongoing cyberattack attempts by the operators of DeadBolt ransomware. According to reports, hackers are exploiting a zero-day flaw in Photo Station. A security patch is out but users can also replace Photo Station with QuMagie, a photo storage management tool.

Top Vulnerabilities Reported in the Last 24 Hours

Account takeover bug in web CMS
A vulnerability was reported in the Squiz Matrix web CMS during a pen-test engagement by Trustwave SpiderLabs. The Insecure Direct Object Reference (IDOR) vulnerability could let an attacker abuse admin rights on targeted installations. The CMS tool serves over 280 organizations, including governments, businesses, and educational institutions in Australia and the U.K.
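The takeover path described above (a low-privilege session rewriting an administrator's e-mail through an unchecked object id) is an object-level authorization failure. The following is an added illustration, not Squiz Matrix or Trustwave code: a constructed in-memory user table, the vulnerable handler pattern beside a hardened one that enforces ownership, logs denied attempts for detection, and stages the change behind a token delivered to the current address.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    id: int
    email: str
    is_admin: bool = False
    pending: Optional[tuple] = None  # (new_email, confirmation token) awaiting approval

class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the target object."""

def make_users() -> dict:
    # Constructed sample table: id 1 is the administrator, id 7 an ordinary user.
    return {1: User(1, "admin@example.invalid", True), 7: User(7, "user@example.invalid")}

def update_email_vulnerable(users, session_user_id, target_id, new_email):
    """IDOR pattern: the target id comes from the request and is never compared
    with the authenticated caller, so any logged-in user can repoint the
    administrator's account at an address they control and then complete a
    password reset from it (the takeover path reported in Squiz Matrix)."""
    users[target_id].email = new_email
    return users[target_id].email

AUDIT = []  # denied attempts, kept for detection and alerting

def update_email_hardened(users, session_user_id, target_id, new_email):
    """Two defences: (1) object-level authorization, the caller must own the
    account or be an administrator, otherwise refuse and log; (2) the new
    address does not take effect until a token sent to the *current* address
    is presented, so a stolen session alone cannot finish the change."""
    caller, target = users[session_user_id], users[target_id]
    if caller.id != target.id and not caller.is_admin:
        AUDIT.append({"actor": caller.id, "target": target.id, "admin_target": target.is_admin})
        raise Forbidden(f"user {caller.id} may not modify account {target.id}")
    token = secrets.token_urlsafe(16)
    target.pending = (new_email, token)
    return token  # a real app e-mails this to target.email; returned here for the demo

def confirm_email_change(users, target_id, token):
    """Apply a staged change only if the presented token matches."""
    target = users[target_id]
    if target.pending is None or not secrets.compare_digest(target.pending[1], token):
        return False
    target.email, target.pending = target.pending[0], None
    return True
```

A denied attempt where `admin_target` is true is a high-signal event: it is exactly the request shape this class of bug is exploited with, so it belongs in an alert rule rather than only in a log.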

Tags

deadbolt ransomware
cryptomining activity
squiz matrix cms
indirect object reference idor
tiktok
qnap devices
shikitega
los angeles unified school district lausd
qumagie
photo station
metasploit meterpreter

Posted on: September 06, 2022