Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 5, 2022

Emergency systems are at the core of public safety. Hackers could hijack Emergency Alert System encoder/decoder devices in the U.S. due to security weaknesses. The national public warning system suffered a serious security flaw, a proof of concept for which is expected to be disclosed at the upcoming DEFCON 2022 conference in Las Vegas. With two high-severity bugs found, Cisco Small Business VPN routers are at risk of being seized by an unauthenticated attacker. The bugs are in the web-based management interface and the web filter database update feature.

Meanwhile, the German Chambers of Commerce appears to have fallen victim to a ransomware attack. Authorities, who referred to the attack as “massive,” are not sure how long the essential services will remain shut down.

Top Breaches Reported in the Last 24 Hours

‘Massive’ attack on a German chamber

A major cyberattack targeted the Association of German Chambers of Industry and Commerce (DIHK), throwing its IT systems, including telephones, email servers, and digital services, offline. The nature of the attack points toward a ransomware threat actor. The news of the breach was announced via a LinkedIn post. More information is awaited on the type of compromised data.

Indiana neurology facility disclosed ransomware infection

Neuro Practice, Indiana, exposed the sensitive information of nearly 363,000 individuals in a ransomware attack allegedly by the Hive group. A plethora of patient data, such as names, SSNs, email addresses, medical record numbers, patient account numbers, diagnosis and treatment information, and insurance information, has made it to the dark web.

Top Malware Reported in the Last 24 Hours

Iranian threat actors targeted Albania?

Researchers at Mandiant stumbled across ROADSWEEP, a ransomware family, and a Telegram persona, both of which were involved in attack campaigns against the Albanian government. Experts suspect that a previously unknown backdoor CHIMNEYSWEEP and a new ZEROCLEAR (wiper) variant could also be a part of this campaign.

Top Vulnerabilities Reported in the Last 24 Hours

Sensitive flaws discovered in Cisco routers

Researchers have unearthed three security flaws in Cisco’s RV160, RV260, RV340, and RV345 series VPN routers. These flaws can be remotely exploited by an attacker to trigger arbitrary code execution and a DoS condition. Two of the vulnerabilities, identified as CVE-2022-20842 and CVE-2022-20827, have received a ‘critical’ severity rating. While the former affects the routers’ web-based management interface, the latter concerns their web filter database update feature.

Site isolation bypass hits Chromium

Security researcher Alesandro Ortiz reported a bug in the Chromium project that allows attackers to bypass site isolation protection through popup windows and iframes. When successfully exploited, the bug can lead to leaks of sensitive data, reading and modification of cookies, and access to microphone and camera feeds. The vulnerability was caused by a code change made to the browsers’ previous version.

Critical flaws in Emergency Alert System

The DHS is warning of critical vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Officials avoided revealing details about the bug to prevent its active exploitation by cyber adversaries. The threat can let a cybercriminal seize the nation’s emergency broadcast network and issue bogus announcements through radio and TV stations.
