We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Aug 4, 2022

A high-severity bug—with the highest CVSS score of 10—has been identified in router models by DrayTek, a Taiwanese manufacturer. A hacker can take over the vulnerable routers, whose count is over 200,000 as of now. Remember Follina? A new malware threat aimed at Russian users was spotted abusing the Follina vulnerability. The malware, which stayed undetected for over a year, spreads through archive files and docs.

Parallelly, a lesser-known threat group has been observed attacking the research and technical services sector. It deployed the Ljl backdoor on an outdated Atlassian Confluence server for espionage purposes.

Top Breaches Reported in the Last 24 Hours

Guacamaya leaks 2TB of data

Cybercriminal group—Guacamaya—posted more than 2TB of emails and files from mining companies located in Central and South America. The victims include five public and private mining companies and two public agencies. The group also shared a video on how they accessed the victims’ networks and stole the files and emails.

**Major retailer in UAE suffered breach **

A ransomware attack crippled the internal server of Spinneys, a multinational supermarket chain. The leaked data include names, phone numbers, email IDs, delivery addresses, and previous order information. The firm clarified that no payment data was impacted during the incident since they don’t store it on servers. Customers are urged to stay vigilant against cybercrime activities.

JusTalk blurts out secrets

The popular mobile video calling and messaging app JusTalk, with 20 million global users, was found leaking a database blob storage supposedly containing private messages of the users. These messages in the unsecured database were stored unencrypted.

Top Malware Reported in the Last 24 Hours

New RAT in the town abuses Follina

Malwarebytes uncovered the new Woody RAT delivered to Russian targets via lures containing archive files and Office documents. The document bait called “Information security memo” (in Russian) provides safety practices for passwords, confidential information, and more. It weaponizes the Follina (CVE-2022-30190) vulnerability.

Fake website hosts Mars Stealer

Cyber adversaries behind a fake website for the Atomic wallet, a popular decentralized wallet, are distributing Mars Stealer, an information-stealing malware. The website has three buttons for downloading the wallet for Windows, Android, and iOS, respectively. Hackers use the information-stealing malware to extract account credentials from browsers, cryptocurrency extensions and wallets, and 2FA plugins.

Top Vulnerabilities Reported in the Last 24 Hours

Bug exploited in Atlassian Confluence server

A threat actor seemingly exploited an Object-Graph Navigation Language (OGNL) injection flaw in an outdated Atlassian Confluence server. Attackers targeted CVE-2022-26134 to deploy an unprecedented backdoor, Ljl, against an unnamed organization in the research and technical services sector. Researchers have blamed it on a threat activity cluster known as TAC-040.

DrayTek’s models have security holes

Security experts at Trellix reported at least 29 different router models from DrayTek were affected by a new critical RCE vulnerability. It has received the maximum severity rating of CVSS 10.0. The vulnerability could be exploited to fully compromise a targeted device and access the broader network.

Related Threat Briefings