Cyware Daily Threat Intelligence, July 29, 2022

Services that clean junk files and optimize battery life to make mobile devices last longer have become a lucrative hunting ground for scammers. Researchers recently unearthed adversaries targeting millions of Android users with malicious apps camouflaged as junk cleaners and device-management programs. Separately, Microsoft has linked the operators spreading Raspberry Robin to the notorious Evil Corp: both groups were found operating inside the same compromised networks.

Do you use IP cameras made by Dahua? Cameras made by the firm have been found to be affected by a bug that allows the devices to be fully compromised. It lies in the firm's implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism.

Top Breaches Reported in the Last 24 Hours

Non-profit hospital networks compromised
St. Luke’s Health System in the bi-state Kansas City metro area has suffered a data breach owing to a security incident at one of its vendors, Kaye-Smith. The incident exposed an array of data, such as names, insurance-related information, SSNs, and billing and payment details, for over 31,000 individuals. The report says the two entities are no longer working together.

U.K. school succumbs to ransomware
Wooton Upper School in Bedfordshire, U.K., is being held to a $600,000 ransom, exactly the amount the attackers believe the victim is cyber-insured for. Reports suggest that the Hive ransomware group is behind the attack, which also affected Kimberley College for 16-19-year-olds. Notably, both organizations are part of the Wootton Academy Trust.

Hacker claims access to 50 American firms
An individual on a hacker forum alleged to have network access to 50 American companies via an unnamed MSP. He stated that the more than 100 VMware ESXi instances and 1,000+ servers belonging to those firms could be compromised further, but that he lacked the right set of people in his team to do so. Researchers say personal and business data could be at risk.

Top Malware Reported in the Last 24 Hours

HiddenAds: A new Android malware
McAfee’s Mobile Research Team uncovered a new malware family, dubbed HiddenAds, on the Google Play Store. Many of the malicious apps pose as cleaners that delete junk files or as device-management tools that optimize power consumption. The infected apps run automatically upon installation, without the user ever having to open them.

Evil Corp deploys Raspberry Robin
Researchers at Microsoft associate the recent activities of Raspberry Robin, a Windows worm, with the actors behind the Evil Corp operation. They noted that threat actor DEV-0206 used the Raspberry Robin malware to deploy a downloader on networks that were at the same time compromised by Evil Corp actors. In several instances, the infection process led to the deployment of custom Cobalt Strike loaders.

Top Vulnerabilities Reported in the Last 24 Hours

Confluence flaw under active abuse
The critical bug in the Questions For Confluence app for Confluence Server and Confluence Data Center is being exploited in the wild. Tracked as CVE-2022-26138, it can be exploited remotely to gain unrestricted access to all pages in Confluence. As expected, exploitation picked up after the hard-coded credentials were published on Twitter.

Dahua’s IP cameras are hackable
Dahua's implementation of the Open Network Video Interface Forum (ONVIF) standard was found to contain a security vulnerability that could allow an attacker to take over IP cameras. An attacker could capture an earlier unencrypted ONVIF interaction and reuse the credentials it carried in a new request, via a setting in the camera. Nozomi Networks uncovered the bug in the "WS-UsernameToken" authentication mechanism present in certain models.
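Reusing captured credentials only works when the receiving side does not tie each token to a fresh nonce and timestamp. The following is an added Python example (not Dahua's or Nozomi's code) of a WS-UsernameToken PasswordDigest verifier that does enforce those checks; the user table and the 30-second skew window are assumptions made for the example.

```python
import base64, hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone
# Constructed sample user table; a real ONVIF device keeps its own (assumption).
USERS = {"admin": "correct-horse-battery"}
# Assumed tolerance for the Created timestamp; tune to the device's clock quality.
CLOCK_SKEW = timedelta(seconds=30)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def make_token(username, password, nonce=None, created=None):
    """Client side: PasswordDigest = Base64(SHA1(nonce + created + password))."""
    nonce = nonce or secrets.token_bytes(16)
    created_str = (created or datetime.now(timezone.utc)).strftime(TS_FMT)
    digest = hashlib.sha1(nonce + created_str.encode() + password.encode()).digest()
    return {"Username": username, "Nonce": base64.b64encode(nonce).decode(),
            "Created": created_str, "PasswordDigest": base64.b64encode(digest).decode()}

class TokenVerifier:
    """Device side: accept a token only if the digest matches AND its (nonce, Created)
    pair is fresh and unseen, so a captured token cannot simply be sent again."""
    def __init__(self):
        self.seen = {}  # nonce -> Created, pruned as entries leave the skew window

    def verify(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        password = USERS.get(token.get("Username"))
        if password is None:
            return False
        try:
            nonce = base64.b64decode(token["Nonce"], validate=True)
            created = datetime.strptime(token["Created"], TS_FMT).replace(tzinfo=timezone.utc)
            supplied = base64.b64decode(token["PasswordDigest"], validate=True)
        except (KeyError, ValueError):
            return False
        if abs(now - created) > CLOCK_SKEW:  # stale or future-dated token
            return False
        self.seen = {n: c for n, c in self.seen.items() if now - c <= CLOCK_SKEW}
        if nonce in self.seen:  # same nonce again inside the window: a replay
            return False
        expected = hashlib.sha1(nonce + token["Created"].encode() + password.encode()).digest()
        if not hmac.compare_digest(expected, supplied):
            return False
        self.seen[nonce] = created
        return True

def demo():
    v, t0 = TokenVerifier(), datetime(2022, 7, 29, 12, 0, tzinfo=timezone.utc)
    tok = make_token("admin", USERS["admin"], created=t0)
    return (v.verify(tok, now=t0), v.verify(tok, now=t0 + timedelta(seconds=5)),
            v.verify(make_token("admin", USERS["admin"], created=t0), now=t0 + timedelta(minutes=10)))
```

`demo()` returns the outcome of a genuine request, of the same token sent again five seconds later, and of a fresh nonce paired with a ten-minute-old timestamp; only the first is accepted.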

Top Scams Reported in the Last 24 Hours

Credential harvesting by mirroring landing pages
Cybercriminals have been spotted presenting unsuspecting users with a fake copy of their organization’s login page to extract their credentials. The scam begins with a suspicious password-expiration reminder email sent to the users. A reCAPTCHA form then appears, which in fact serves to block automated scanners. The end user finds their email address and other personal information pre-populated on the familiar login page and background, convincing them to hand over their credentials.

Posted on: July 29, 2022