Go to listing page

Cyware Daily Threat Intelligence, June 17, 2022

Cyware Daily Threat Intelligence, June 17, 2022

Share Blog Post

Known or unknown, it all begins with a security bug! Three critical vulnerabilities were reported in Anker’s Eufy smart home devices. These can allow hackers to cause privacy violations, service disruption, and arbitrary code execution on targeted devices. Another bug was unearthed in Office 365 that could allow ransomware attackers to encrypt files on SharePoint and OneDrive. Endpoint ransomware protection is recommended as a remedy. 

Call it a buggy day but researchers have uncovered sensitive flaws in a WordPress plugin (affecting 730,000 sites), Sophos Firewall, and top crypto wallet providers.

Top Breaches Reported in the Last 24 Hours

Environmental services provider
Arkansas-headquartered Montrose Environmental Group experienced a ransomware attack that affected computers and servers within its Enthalpy Analytical laboratory network. It is yet to be confirmed whether backup data and cloud-based enterprise systems, including email, were impacted or not. The group is in the process of notifying the affected parties.

Healthcare breach further impact millions 
Texas Tech University Health Sciences Center has added nearly 1.3 million patients as victims of the ransomware attack at Eye Care Leaders (ECL). A total of 58,642 victims are associated with Precision Eye Care and 23,993 are with Harkins Eye Clinic. The ransomware incident took place last year in December.

Top Malware Reported in the Last 24 Hours

NAS customers warned again for DeadBolt
QNAP has warned customers to protect their systems and devices against a new campaign of attacks dropping DeadBolt ransomware. It is highly recommended that users upgrade their QTS or QuTS hero operating systems on their NAS devices to the latest version. This is the fourth alert by the company in the present year.

Credit card skimmer abuses WooCommerce Theme
Credit card data theft on eCommerce websites resumes with hackers using Telegram bots to exfiltrate data. Going by recent reports, the skimmer was loaded in a custom file added to the popular Storefront WooCommerce theme and appended to the checkout page. As soon as an order is placed via the infected site, credit card details would be ported to a Telegram chat room.

Top Vulnerabilities Reported in the Last 24 Hours

Eufy Homebase 2 is vulnerable to attacks
Cisco Talos has discovered three bugs in Eufy Homebase 2, Anker’s central smart home device hub. Out of three, one is a critical RCE flaw. The critical bug, identified as CVE-2022-21806 and having a CVSS score of 10, can be exploited by sending a specially-crafted set of network packets to the target device. The second and third, tracked as CVE-2022-26073 and CVE-2022-25989, are high-severity bugs with CVSS scores beyond 7.

Autosaving in Microsoft 365 isn’t safe
According to Proofpoint, a functionality flaw in the Office 365 suite can be abused by hackers to encrypt files stored on SharePoint and OneDrive. The attack uses the “AutoSave” feature for the files edited on OneDrive or SharePoint as it creates cloud backups of older file versions. The affected files can be restored either by paying a ransom or through decryption keys.

Patching Ninja Forms installations
Wordfence threat analysts patched a code injection vulnerability in WordPress sites using Ninja Forms, which has over 1 million installations. A mass updation was enacted to a new build addressing the vulnerability. Experts believe it was already being exploited in the wild.
The vulnerability concerns Ninja Forms releases from version 3.0 and up.

Revealing crypto wallet’s recovery phrases
Secret recovery phrases for MetaMask and Phantom have come under attack due to a new ‘Demonic’ vulnerability. The flaw exposes wallets in a way that allows attackers to pilfer NFTs and cryptocurrency stored within it. CVE-2022-32969 stems from how browsers save contents of non-password input fields to the disk as part of their standard restore session system.

Hole in Sophos Firewall
Volexity researchers laid bare a sophisticated campaign by Chinese APT abusing a critical zero-day in Sophos’ firewall product. The flaw is tracked as CVE-2022-1040 and it came to light after a hacker penetrated the networks of an unnamed South Asian target. Cybercriminals accessed the firewall to conduct man-in-the-middle (MitM) attacks and used the data collected from it to compromise systems outside of the network.

Back-to-back patches
CyberArk shared details on a pipe vulnerability, tracked as CVE-2022-21893, in Windows for which Microsoft released another patch as the previous fix had given birth to a new attack vector. Researchers say if this wasn’t patched, it could lead to data compromise, lateral movement, and privilege escalation.


eye care leaders ecl
onedrive site
sharepoint files
crypto wallet apps
wordpress sites
zero day bug
qnap nas devices
texas tech university health sciences center
chinese apt activity
code injection vulnerability
pipe vulnerability
office 365
sophos firewall
montrose environmental group

Posted on: June 17, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite