Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 8, 2022
Kaspersky took the wraps off a new Chinese cyberespionage operation while investigating a malware campaign. The campaign spans several Eastern European countries and drops the dangerous PortDoor backdoor. In parallel, CISA's catalog has a new entrant, as adversaries continue to exploit the critical Zimbra bug tracked as CVE-2022-27824. If exploited, it can give them access to a vulnerable email server, which may eventually lead to spear-phishing, social engineering, and BEC scams.
Roughly two dozen bugs discovered in F5 products are now patched. About a dozen of them, particularly the DoS flaws, could be exploited remotely without any user authentication. So far, none of the vulnerabilities appear to have been abused in the wild.
Smishing leaks Twilio’s customer data
Customer engagement platform Twilio disclosed that it fell victim to an SMS phishing, or smishing, campaign that targeted its employees' login credentials. The attackers used the stolen credentials to access customer data that may include sensitive information. The firm has not commented on the geographical impact of the breach.
Over 100 dental practices shut down
Over 100 dental clinics were impacted by a cyberattack on Colosseum Dental Benelux, a dentistry group operating across the Netherlands and Belgium. Staff could not access patients' treatment histories. Early signs suggest a ransomware attack. Officials did not disclose what kind of data the attackers may have compromised.
Unknown hacker dumps data
A threat actor is offering about 4TB of proprietary data belonging to Cellebrite, the Israeli smartphone hacking (or cracking) firm. The breach involves the company's flagship product, Cellebrite Mobilogy, and the Cellebrite Team Foundation server. According to the report, the leaked data is being offered only to researchers and journalists.
Chinese cyberspies deploy PortDoor
Kaspersky has attributed an attack campaign that deploys the new PortDoor backdoor against the defense industry in Eastern Europe to the Chinese APT TA428. The cyberespionage operation has been targeting design bureaus, research institutes, industrial plants, government agencies, and ministries across Belarus, Russia, Ukraine, and Afghanistan.
CISA catalog gets a fresh entry
CISA has added the Zimbra bug to its Known Exploited Vulnerabilities Catalog. Identified as CVE-2022-27824, the bug allows a third party to extract email account credentials in cleartext from Zimbra Collaboration instances without any user interaction. The technique is known as Memcache poisoning via CRLF injection: it reroutes IMAP traffic to the attacker's server when a legitimate user attempts to log in.
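As an added illustration (not code from the briefing, from Zimbra, or from memcached), the check below shows the input validation that closes this class of bug: memcached's text protocol ends every command line with CRLF, so a cache key built from user-controlled input must never carry CR, LF, whitespace or other control characters. The helper names and the sample route entry are hypothetical.

```python
import re

# Memcached's text protocol terminates every command line with CRLF. If a key is
# built from user-controlled input (a username, for example) without validation,
# a key containing "\r\n" would end the current command early, and whatever
# follows would be parsed as a separate command. Helper names are hypothetical.
MAX_KEY_LEN = 250  # memcached's documented key length limit
# Keys may not contain whitespace or control characters (0x00-0x20, 0x7f).
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")


def is_safe_key(key: str) -> bool:
    """True if the key cannot break memcached command framing."""
    if not key or _FORBIDDEN.search(key):
        return False
    try:
        raw = key.encode("ascii")  # reject non-ASCII as well
    except UnicodeEncodeError:
        return False
    return len(raw) <= MAX_KEY_LEN


def build_set_command(key: str, value: bytes, flags: int = 0, exptime: int = 0) -> bytes:
    """Build one well-formed 'set' command, refusing keys that could inject commands.

    The value is length-prefixed by the protocol, so CRLF inside it is harmless;
    the key is the only field that must be validated before it reaches the wire.
    """
    if not is_safe_key(key):
        raise ValueError(f"unsafe memcached key: {key!r}")
    header = b"set %s %d %d %d\r\n" % (key.encode("ascii"), flags, exptime, len(value))
    return header + value + b"\r\n"


if __name__ == "__main__":
    # Constructed sample: a per-user IMAP route entry (not real Zimbra internals).
    print(build_set_command("route:alice@example.com", b"imap.example.com:143"))
    print(is_safe_key("alice@example.com"))        # True
    print(is_safe_key("alice\r\n@example.com"))    # False: would split the command
```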
F5 addresses 21 vulnerabilities
Security and application delivery solutions provider F5 has fixed 21 flaws affecting BIG-IP and other products in its quarterly security notification for August 2022. The advisory covers nearly a dozen high-severity vulnerabilities that could be exploited to execute arbitrary code, cause a DoS condition, escalate privileges, and more. Eight other flaws are medium-severity and the remaining one is low-severity.