Go to listing page

Cyware Daily Threat Intelligence, September 08, 2022

Cyware Daily Threat Intelligence, September 08, 2022

Share Blog Post

Gaps in prioritizing cybersecurity in the education sector are visible through the naked eye. A major breach had struck the Los Angeles Unified School District (LAUSD) a few days back and now U.S. authorities have cautioned education institutions against Vice Society ransomware attacks. A critical bug has also been reported in HP Support Assistant, which comes pre-installed in HP systems. The DLL hijack flaw can be abused by a hacker who already has penetrated a system via low-privileged malware or a RAT tool.

Another bug—with a CVSS score of 8.6—was reported in multiple Cisco products. By exploiting it, a cybercriminal could hijack the system either to create DoS conditions or impact the proprietary data.

Top Breaches Reported in the Last 24 Hours


Credential stuffing attack victimizes clothing firm
Known apparel brand The North Face has suffered a credential stuffing attack, exposing personal details of nearly 200,000 customer accounts. Victims of the incident will have to enter a new password and once again verify their payment card details to make a purchase. The firm further clarified that it doesn’t store payment details like credit card data on the site. It is the second credential stuffing attack on the brand in about two years.

French-speaking nations in Africa targeted
Check Point shared details about DangerousSavanna, an attack campaign claiming victims in the form of major financial and insurance companies in Africa. The countries it targeted include Ivory Coast, Morocco, Senegal, Cameroon, and Togo. It deploys off-the-shelf malware and hacking tools such as Metasploit, DWservice, PoshC2, and AsyncRAT through spear-phishing techniques.

Top Malware Reported in the Last 24 Hours


Education sector vs Vice Society ransomware
A joint advisory by U.S. officials highlighted threats to the education sector by the Vice Society ransomware group. The advisory recommends entities in the education sector take the right defensive measures, such as maintaining offline data backups and ensuring that all backup data is encrypted, and reviewing and monitoring the security posture of third-party vendors. 

Ex-Conti members attack Ukraine
Google's Threat Analysis Group revealed that former members of the Conti ransomware group have launched at least five different campaigns targeting Ukrainian entities between April and August. Also known as UAC-0098, the threat group has added European humanitarian and non-profit organizations to its hit list. It reportedly worked with Conti as an initial access broker.

Top Vulnerabilities Reported in the Last 24 Hours


Bug in HP Support Assistant
HP warned against a newly high-severity bug in HP Support Assistant, a software tool that comes embedded on all HP desktop and laptop systems. It is a DLL hijacking flaw that gets triggered when a user attempts to launch HP Performance Tune-up from within HP Support Assistant. The bug is tracked as CVE-2022-38395. HP recommends customers using version 9.x to update to the latest version.

Cisco fixes multiple vulnerabilities
Cisco released patches for three security flaws, including a critical flaw disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK). The sensitive flaw, identified as CVE-2022-28199, can allow a remote hacker to trigger DoS conditions and also cause concern for data integrity and confidentiality.

New Threat in the Spotlight 


Iranian APT infects using ransomware
Iranian threat actor Phosphorus, known for exploiting high-severity bugs, has added ransomware attacks to its arsenal of attacks. Microsoft's threat intelligence division revealed that the group has begun encrypting files on compromised devices using the built-in BitLocker tool.  DiskCryptor is another ransomware tool opportunistic Iranian actors started using earlier this year.

 Tags

financial firms
dos conditions
bitlocker
nvidia data plane development kit
conti ransomware group
cve 2022 3839
cve 2022 28199
the north face
dangeroussavanna
credential stuffing attack
vice society ransomware group
phosphorus apt
cisco products
hp support assitant
ukraine

Posted on: September 08, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.