Go to listing page

Cyware Daily Threat Intelligence, May 25, 2022

Cyware Daily Threat Intelligence, May 25, 2022

Share Blog Post

Multiple security products from different firms were infected with a certain type of vulnerability lately, however, only Trend Micro has apparently fixed it. Hope we see more updates soon! Separately, a critical bug was addressed in the new Chrome update, that witnessed 32 patches all in all. Furthermore, the CISA has appended 41 bugs to its exploited vulnerabilities catalog that can be referred to by government agencies and private organizations. 

More threats were found on public repositories for Python and PHP in the form of simulated modules. Such open-source repositories have been an attractive target for cybercriminals seeking to deliver malware payloads.

Top Breaches Reported in the Last 24 Hours

870 million loan data records exposed
SafetyDetectives team stumbled across a misconfigured Elasticsearch server that laid bare 147 GB of data for millions of microloan applicants from Ukraine, Kazakhstan, and Russia. Researchers said the anonymous server was left unguarded without any authentication protocols. They attributed the ownership of the server, with high confidence, to a Russian entity.

Ransomware hits SpiceJet 
Ransomware actors barged into the networks of the low-cost Indian airline SpiceJet, leaving several flyers stranded. Despite the claim (by airline operators) of restoring the operations to normal, passengers refuted it. Last week, multiple SpiceJet flights were forbidden from flying as the airline reportedly could not make payments to the Airports Authority of India.

Top Malware Reported in the Last 24 Hours

Fake packages on PyPi and GitHub
Security researchers discovered two malicious Python and PHP packages that were seeded by adversaries to carry out a software supply chain attack. ‘ctx’ is the Python module and ‘phpass’ is the PHP module planted by hackers. As observed, the rogue packages were designed to exfiltrate AWS credentials to a Heroku URL.

Ransomware acts like Robinhood
CloudSEK provided insights on GoodWill ransomware actors who ask its victims to donate to the poor and provides financial assistance to patients in need, in exchange for the decryption key. Attackers, as per the ransom note, want victims to accomplish three socially driven activities. Researchers surmise that there could be an Indian connection to this operation.

Top Vulnerabilities Reported in the Last 24 Hours

Chrome 102 received 32 patches
Google released Chrome 102 which patches 32 vulnerabilities, including a critical flaw tracked as CVE-2022-1853. The flaw, reported by an anonymous researcher, is described as a use-after-free bug affecting Indexed DB. The new stable channel release also patches eight other high-severity vulnerabilities reported by various researchers.

Zoom fixes four flaws 
Video conferencing platform Zoom addressed four vulnerabilities that could be exploited to compromise another user’s system by sending crafted Extensible Messaging and Presence Protocol (XMPP) messages over chat. Hackers could abuse the flaws to connect a victim to a malicious server and download a rogue update to execute arbitrary code.

Trend Micro fends off Chinese threat
Trend Micro announced the release of a patch that fixes a vulnerability being exploited by Moshen Dragon, a threat actor linked to China. According to previous findings, cybercriminals have been abusing the bug in antivirus products by Symantec, Bitdefender, McAfee, Trend Micro, and Kaspersky. They perform DLL search order hijacking to decrypt and deliver their payload. The bug was first reported by SentinelOne.

CISA’s catalog adds 41 bugs
The CISA annexed 41 vulnerabilities to its Known Exploited Vulnerabilities Catalog in the past two days. This also includes flaws in the Android Linux kernel and Cisco IOS XR that are being exploited in the wild by unknown actors. CISA has urged federal agencies to apply patches for the Android and Cisco vulnerabilities by June 13, 2022.


google chrome 102
elasticsearch servers
known exploited vulnerabilities catalog
goodwill ransomware
moshen dragon

Posted on: May 25, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite