Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 15, 2022
Mobile payments are a highly trusted space, but that trust was recently breached for Xiaomi users. A research group has uncovered vulnerabilities in the payment system of certain Xiaomi smartphones running MediaTek chips. A combination of vulnerabilities could be exploited to extract private keys and sign fake payment packages. Meanwhile, another group of experts reported the return of the SOVA Android banking Trojan, which can now compromise more than 200 banking apps and crypto exchange wallets. The new version boasts a ransomware module too.
Adding to the cybersecurity woes are thousands of vulnerable VNC instances, some of them affecting industrial control systems across nations. Moreover, several attempts to exploit them originated from the Netherlands, Russia, and the U.S.
Employee data dating back to 1970 exposed
Waterloo Region's District School Board revealed it fell victim to a cyberattack wherein a hacker accessed internal network drives that stored sensitive information about employees’ payroll and benefits administration. Several current and previous employees since 1970 were affected by the attack. The scope of impact on student data is yet to be determined.
PyPI package mines for crypto
Sonatype found a new PyPI package containing a fileless cryptominer targeting Linux systems. Dubbed secretslib, it drops a Monero miner, likely created via the 'memfd_create' system call, which lets developers create anonymous files in RAM without writing them to disk. The package, described as "secrets matching and verification made easy," was downloaded about 100 times.
New version of SOVA Android Trojan
SOVA version 5.0 has resurfaced and can now target over 200 applications, including banking apps and crypto wallets. The new variant comes with the capability to encrypt devices with ransomware, although the feature is still at a primitive stage. Cleafy, an online fraud prevention firm, claimed that Spain has been the most aggressively targeted country, followed by the Philippines and the U.S.
Flawed payment systems in smartphones
According to Check Point researchers, security bugs in Xiaomi Redmi Note 9T and Redmi Note 11 smartphone models could be abused to hamper the payment processes. These models notably use MediaTek chips that provide the Trusted Execution Environment (TEE) for signing transactions. Researchers could even bypass Xiaomi and MediaTek security patches, which eventually opened up more possibilities for exploitation.
Unsecure VNC endpoints
Cyble security researchers have unearthed at least 9,000 unprotected VNC (virtual network computing) endpoint instances that attackers can abuse to infiltrate internal networks. Some of these exposed VNC instances were also traced to industrial control systems, which are critical to industry operations. Most of the exposures were found in China and Sweden. Moreover, the exposure could prove very risky if any water treatment facility is affected.