
Cyware Daily Threat Intelligence, September 13, 2022


Healthcare systems today are not well-equipped to deal with ever-growing cybersecurity threats owing to several security gaps in medical devices, noted the FBI. The news comes days after four vulnerabilities were reported in devices made by multibillion-dollar healthcare firm Baxter International. Meanwhile, a ransomware attack crippled the networks of OakBend Medical Center, a Texas-based hospital. All of its systems had to be pulled offline to contain the impact of the attack. 

What's more? High-severity zero-days run rampant in both consumer and enterprise products, as Apple and Trend Micro address such flaws in their respective products. Both bugs enable hackers to conduct arbitrary code execution. Both firms also fixed multiple other flaws.

Top Breaches Reported in Last 24 Hours


U-Haul reports data breach
U-Haul International reported a data breach wherein attackers accessed a few clients' rental contracts between November 5, 2021, and April 5, 2022. The breached information includes details like the driver's license information, the customer’s name, and the state identification number. The attacker accessed the company’s contract search portal after compromising two unique passwords. 

GhostSec compromises Berghof PLCs
GhostSec, a pro-Palestinian hacking group, has asserted that it compromised 55 Berghof Programmable Logic Controllers (PLCs) used by Israeli organizations. The group made the announcement on social media, as well as on its Telegram channel. Security experts believe threat actors gained access to the PLCs' admin panels by using common and default credentials. As a result, hackers were able to control industrial processes directly, including the ability to modify the water's pH and chlorine levels.

Ransomware attack on Texas hospital
Cyber adversaries encrypted sensitive files on the servers of OakBend Medical Center, Texas, while also knocking its IT systems offline. The incident has caused communication issues among the stakeholders, and the Daixin ransomware group has allegedly claimed responsibility for the attack. Reports suggest that the hospital is operating under EHR downtime procedures.

Top Malware Reported in Last 24 Hours


Lorenz ransomware breaches corporate networks
The Lorenz ransomware gang exploited a critical RCE flaw, tracked as CVE-2022-29499, in Mitel MiVoice VoIP appliances to breach organizations. The threat actors exploited the flaw to obtain a reverse shell and subsequently used Chisel to enter the targeted environment. A total of 19,000 Mitel devices are used in government offices, which are now exposed to cyberattacks. Mitel released the corresponding security patches in early June 2022.

Top Vulnerabilities Reported in the Last 24 Hours


Trend Micro patches Apex One zero-day
Trend Micro addressed flaws, including a zero-day, in its Apex One endpoint security product. The security hole, identified as CVE-2022-40139, has been classified as an improper validation issue connected to a rollback function. The bug permits the agent to download untrusted backup elements and run arbitrary code. Experts believe that the attacker already had access to the product's administration console authentication details. However, no information is available about the attacks that exploit the bug.

Apple releases key security updates
Apple issued a new set of security upgrades to patch various vulnerabilities in iOS and macOS, including a new zero-day flaw. The issue, identified as CVE-2022-32917, allows a malicious app to run arbitrary code with kernel privileges. In addition, Apple has patched 10 security flaws in iOS 16 that revolve around Kernel Maps, WebKit, MediaLibrary, Contacts, and Safari. An additional feature, Rapid Security Response, has also been introduced that lets users automatically apply security fixes on their devices without installing a full operating system update.

Hundreds of vulnerabilities in medical devices 
The FBI has spotted hundreds of bugs in medical equipment running on obsolete software and devices. The agency outlined bugs in insulin pumps, mobile cardiac telemetry, intracardiac defibrillators, pacemakers, and intrathecal pain pumps. If exploited, the attacks could have a serious impact on patient safety, operational functions, and data security of healthcare institutions.

Authentication flaws in Azure AD
Researchers from Secureworks uncovered that cybercriminals could steal the identity of the Pass-Through Authentication (PTA) agent by exporting the certificate used for authentication in Azure Active Directory (Azure AD). The compromised certificate can be used to create an undetectable backdoor, allowing criminals to log in using invalid passwords, gather credentials, and cause DoS conditions. Moreover, they can renew the certificate to maintain persistence.

Vulnerability in Apache’s Xalan-J
Researchers have come across a flaw in Xalan-J, an Apache project utilized by several SAML implementations, that could permit arbitrary code execution. Xalan-J is a Java-based XSLT processor. It suffers from an integer truncation issue when processing malicious XSLT files. The vulnerability has since been fixed in OpenJDK. However, the same has not been fixed in Apache’s version, which is no longer in use.

Top Scams Reported in the Last 24 Hours


Chinese scammers cheat Indian nationals
An Indian cybercrime unit has exposed a fraud in which Chinese crooks siphoned off a colossal $529 million from Indian citizens. The phishing methods used included bogus cryptocurrency trading schemes, instant lending apps, and part-time jobs as bait. The entire scam was run by Chinese hackers, with equal cooperation from the SMS aggregators who promoted their fraud through bulk text messages. The fraud was traced back to the Middle Kingdom, with a few operators in Nepal acting under the supervision of Chinese threat actors.

New Threat in the Spotlight 

Asian entities targeted in espionage attacks
Symantec warned about cyberespionage attacks against Asian governments and state-owned organizations. The campaign is mainly directed at government institutions related to aerospace, finance, and defense, among others. The attackers leverage the DLL side-loading technique to load their malware payloads through legitimate software packages. The threat actor also made use of PsExec and Fscan as part of the attack chain.


Posted on: September 13, 2022

