Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 29, 2022

In an uncanny incident, a notorious cybercriminal group turned to TikTok’s ‘Invisible Challenge’ to trick users into downloading the W4SP Stealer malware. With over a million views on such videos, threat actors managed to steal and add more than 30,000 members’ accounts to their Discord servers. In other headlines, a critical UEFI vulnerability in Acer laptops was discovered to pose a major threat to users. Criminals can hijack the OS loading process to bypass or even disable protections to plant payloads with system privileges.

What's more, CISA is drawing attention to a high-severity bug in Oracle Fusion Middleware that is under heavy exploitation by hackers. By abusing the flaw, a hacker could completely take over Access Manager instances.

Top Breaches Reported in the Last 24 Hours

Hive ransomware hit North Carolina college

Guilford College, North Carolina, disclosed a ransomware attack that culminated in the leak of sensitive data of students, faculty, and staff. The Hive group took full responsibility for the attack and threatened to leak the stolen data if the ransom was not paid. In response to the attack, the impacted networks were brought offline.

Top Malware Reported in the Last 24 Hours

TikTok challenge downloads malware

The ‘Invisible Challenge’ on TikTok is being exploited by cybercriminals to install malware on thousands of devices through a fake software offer. The fake software, in fact, installs the W4SP Stealer malware, with which hackers attempt to pilfer passwords and compromise cryptocurrency wallets and Discord accounts. These videos had already garnered over a million views.

Fake Android App - Symoo

Evina researcher Maxime Ingrao uncovered Symoo, a fake Android SMS app with 100,000 downloads. It acts as an SMS relay service for account creation for the likes of Google, Instagram, Microsoft, Telegram, and Facebook. It was observed that Symoo exfiltrates SMS data to a domain in use by another application on Google Play, Virtual Number (not available anymore).

Top Vulnerabilities Reported in the Last 24 Hours

Sensitive bug fixed by Acer

Multiple Acer laptop models were found to be affected by a high-severity flaw that could lead to the deactivation of UEFI Secure Boot on targeted systems. Identified as CVE-2022-4020, the flaw lies in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices, ESET explained. Attackers with high privileges can abuse the flaw in low-complexity attacks, without the need for any user interaction.

CISA warning against Oracle RCE bug

The CISA added a critical RCE bug in Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog. The bug is tracked as CVE-2021-35587 (CVSS score of 9.8) and is being exploited by threat actors. It concerns Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Top Scams Reported in the Last 24 Hours

Black Friday-themed scams

CloudSEK exposed a malicious campaign ahead of Black Friday 2022 that can compromise the PII and banking credentials of users. Researchers have spotted the promotion of malicious applications requesting several high-risk permissions on users’ devices. The other type of campaign includes the domain impersonation of legitimate websites, such as “Shoe The Bear,” to extract user data.

Scammers impersonate UAE officials

CloudSEK released a new advisory about a previously disclosed phishing campaign against the UAE government. The team suggested that the campaign appears to be more substantive than believed earlier. Security experts have noted an additional cluster of phishing domains—camouflaged as the Ministry of Human Resources of the UAE government—targeting contractors with lures, such as vendor registration and contract bidding.
