Go to listing page

Cyware Daily Threat Intelligence, September 23, 2022

Cyware Daily Threat Intelligence, September 23, 2022

Share Blog Post

Open-source repositories can present convenient infiltration opportunities for hackers if not properly security audited. Just like an NPM package found posing as Material Tailwind (an open-source CSS framework) to distribute malicious code on the systems of developers. The fake package is portrayed as a helpful development tool with an automatic post-install script feature. In other news, a severe Oracle Cloud Infrastructure (OCI) vulnerability has been revealed by Wiz researchers that can be exploited to gain access to other Oracle customers' virtual disks.

Furthermore, the CISA added a high-severity flaw affecting multiple Zoho ManageEngine products to its catalog of exploited vulnerabilities. The flaw can be exploited to conduct remote code execution attacks. Finally, cybercriminals are making conscious efforts to exploit a critical template vulnerability in Magento 2.

Top Breaches Reported in Last 24 Hours


Portugal airlines suffer a cyberattack 
The Ragnar Locker ransomware group was found offering the stolen information of 1.5 million passengers of TAP Air Portugal on the dark web. Hackers had breached Portugal’s national airline and compromised passengers’ personal information. The exposed data includes the name, sex, address, nationality, date of birth, email, and contact details. However, the flying carrier confirmed that no payment data was breached in the attack.

Optus cyberattack impact 1/3rd of Australia
Cyberattack on Optus, Australia's second-largest telecom provider, has resulted in a data leak potentially affecting up to 9.8 million people, or 37% of the population. No financial data, passwords, or customer document images were stolen in the cyberattack, according to the company. However, the company believes the attackers gained access to names, phone numbers, birth dates, and email addresses. Additionally, for a subset of customers, addresses, and ID numbers may have been compromised.

Top Malware Reported in Last 24 Hours

Malware campaign targets Uyghurs
Checkpoint researchers discovered an enduring spyware operation targeting the Uyghur community since at least 2015. Known as MobileOrder, the spyware can steal sensitive data from an infected device, making it a hazardous surveillance tool. Additionally, it can make phone calls, track their location, and send SMS messages on their behalf. Social engineering tactics may be used by the attacker to trick unsuspecting victims into launching malicious software.

Rogue NPM mimics Material Tailwind
ReversingLabs researcher has discovered a malicious NPM package named material-tailwindcss posing as the Material Tailwind CSS library. The rogue package has an automatic post-install script, designed to download a password-protected ZIP archive file containing a Windows executable to run PowerShell scripts. The package has been downloaded 320 times on or after September 15 to date.

Top Vulnerabilities Reported in Last 24 Hours


Critical vulnerability exposed in OCI
Wiz researchers discovered a critical Oracle Cloud Infrastructure vulnerability, dubbed AttachMe, that could be abused to access the virtual disks of other Oracle customers. Each virtual disk has a unique identity, OCID, and an attacker compromising it could access any storage volume, leading to data exfiltration, and even changing boot volumes to achieve code execution.

CISA warns about severe RCE bug
The CISA warned of a critical Java deserialization flaw affecting more than one Zoho ManageEngine product. The flaw, indexed as CVE-2022-35405, can be exploited in remote attacks without requiring user interaction. A successful attack would enable threat actors to achieve RCE on servers running unpatched Zoho ManageEngine PAM360, Password Manager Pro (without authentication), or Access Manager Plus software (with authentication).

Magneto bugs used in fresh attacks
Sansec researchers observed hackers attempting to exploit CVE-2022-24086, a critical Magneto 2 bug, to execute malicious code on unpatched websites. Researchers claimed to have observed three template hacks that attempted to install a RAT by exploiting the security hole. The first variant creates a new customer account on the target platform, the second one tries to introduce a PHP backdoor, and the third variant executes to substitute PHP with malicious code.

Top Scams Reported in Last 24 Hours


Phishing campaign targets GitHub users
Hackers targeted GitHub users in an ongoing phishing campaign, with emails masquerading as alerts from CircleCI, a continuous integration and delivery platform. The fake messages ask the user to review the upgrade to its terms and privacy policy. To do so, they need to sign into their GitHub account and accept the changes to enjoy uninterrupted services. The adversary’s goal is to steal user account credentials and 2FA codes through reverse proxies.

 Tags

tap air portugal
material tailwind css
github
npm packages
rce bugs
uyghurs
optus
magneto 2
mobileorder spyware
zoho manageengine

Posted on: September 23, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.