Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 12, 2022
Modifying source code and introducing custom configuration to a popular DBMS has invited new troubles. As per reports, a majority of cloud vendors are modifying code for PostgreSQL, leaving customer databases at risk of theft. In other news, U.S. officials warned against the Zeppelin ransomware infection as it continues to gain prominence in cybercriminal underground marketplaces. It is actively targeting large organizations in Europe and the U.S.
The Zimbra email and collaboration platform has been in the headlines for various bugs for the past two weeks. A new report revealed that threat actors exploited a couple of bugs to target more than 1,000 servers.
Michigan’s water service exposes customers
Ypsilanti Community Utility Authority, Michigan, was targeted by a ransomware group. Experts say the incident may have impacted the personal and banking data of about 2,000 Ypsilanti-area utility customers. Authorities are not aware of any misuse of customer data. Customers were advised to contact their financial institution to enquire about account safety steps.
Zeppelin ransomware on the rise
Zeppelin actors continue to compromise victim networks through RDP, SonicWall firewall vulnerabilities, and phishing. The FBI and CISA have shared TTPs and IOCs regarding the threat to help organizations mitigate the threat and safeguard themselves. Zeppelin is a Ransomware-as-a-Service (RaaS) operation that has undergone several name changes in the past.
High-severity bug in Realtek devices
Tracked as CVE-2022-27255, a critical vulnerability found by cybersecurity experts in Realtek's eCos SDK could expose the networking devices of many vendors to remote attacks. The stack-based buffer overflow bug enables an attacker to cause a DoS condition or execute arbitrary code on affected devices.
Cloud vendors exposing databases
Wiz Research uncovered multiple bugs in popular PostgreSQL-as-a-Service offerings by multiple cloud vendors. By exploiting the bugs, a hacker can gain root access and initiate complex attacks to steal databases of customers in Azure Database for PostgreSQL (Flexible Server). Note that the bug doesn’t reside in the PostgreSQL codebase, but rather in the code modified by cloud vendors as per their project needs.
Cisco risks RSA private key
Multiple patches were rolled out to address flaws in Cisco software. These could be abused by unauthenticated individuals to obtain sensitive information. One of the flaws, identified as CVE-2022-20866, is a logic error that can be exploited to retrieve the RSA private key. Cisco has also patched a client-side request smuggling flaw, CVE-2022-20713.
Authentication bypass in Zimbra Suite
Volexity has revealed a vulnerability in Zimbra that attackers have been abusing to deploy web shells on particular areas of compromised servers to gain persistence. Through CVE-2022-27925 and CVE-2022-37042, hackers already penetrated over 1,000 servers related to the email and collaboration platform.