Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 31, 2022
Today’s hyperconnected world demands tight cybersecurity, but it is often overlooked. An unprotected Chinese database storing hundreds of millions of records was left exposed on the internet. On the other hand, Italy’s energy agency was hit by a malware attack that forced it to shut down its IT systems and website.
A persistent Golang-based malware campaign leveraged a deep field image—taken by James Webb Space Telescope—as a lure to install malicious payloads on infected systems. Meanwhile, the FBI, Secret Service, and the government of Lexington, Kentucky, came together to investigate a cybercrime theft of $4 million in federal funds.
Chinese database exposed online
A huge Chinese database containing over 800 million face prints and vehicle license plates was left exposed online for months before it got removed in August. The exposed data belongs to Xinai Electronics, a tech company based in Hangzhou on China’s east coast. According to a security researcher, the database was not password-protected and could be accessed by anyone who knew where to look.
Italy’s energy agency suffers malware attack
Italy’s state-owned energy agency Gestore dei Servizi Energetici SpA (GSE) suffered a malware attack, forcing the agency to shut down its IT systems and websites to protect its data. The agency’s role as a gas buyer of last resort for Italy’s electricity network was not hampered.
Chinese hackers use ScanBox malware
Chinese threat group APT40 has been targeting people at local and federal Australian government agencies, Australian news media organizations, and operators of wind turbine fleets in the South China Sea. They are sending phishing emails that direct victims to a fraudulent Australian news website hosting a malicious JavaScript payload from the ScanBox reconnaissance framework.
Hidden malware in images taken by NASA
Security researchers have spotted a new Golang-based malware campaign dubbed GO#WEBBFUSCATOR that relies on malicious documents, phishing emails, and deep field images taken from NASA’s James Webb Space Telescope (JWST) to spread malicious payloads. The threat actor deploys payloads that are currently not flagged as malicious by the VirusTotal scanning platform.
Malicious Chrome extensions discovered
Five imposter extensions for the Google Chrome web browser, disguised as Netflix viewers and other utilities, have been discovered tracking users’ browsing activities and profiting from retail affiliate programs. The extensions are designed to install a piece of JavaScript that keeps tabs on the websites visited and injects malicious code into e-commerce portals, allowing the hackers to earn affiliate commissions on purchases made by the victims.
Google Chrome 105 patches high-severity vulnerabilities
Google released Chrome 105, which comes with patches for 24 vulnerabilities, including 13 use-after-free and heap buffer overflow bugs. 21 of the fixed security bugs were reported by external researchers, including one critical-, eight high-, nine medium-, and three low-severity vulnerabilities. A total of nine use-after-free issues were resolved with the latest browser update, the most important of which is a critical flaw in the Network Service component. Chrome 105 also patches five high-severity use-after-free vulnerabilities, impacting browser components such as WebSQL, Layout, PhoneHub, and Browser Tag.
WordPress releases patches in its new version
WordPress released version 6.0.2 of its content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability. Identified in the WordPress Link functionality, the issue only impacts older installations, as the capability is disabled by default on new installations. However, the functionality might still be enabled on millions of legacy WordPress sites even if they are running newer versions of the CMS.
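The fix for the Link functionality bug is updating to 6.0.2, but the item above also notes that the legacy Link Manager may still be switched on at sites that were created years ago. The following must-use plugin is an added example written for this briefing (it is not from the page or from WordPress) that lets an administrator check whether that legacy feature is enabled and, where it is not needed, force it off. It assumes the standard WordPress option name `link_manager_enabled` and the core `pre_option_{$option}` filter; the file path `wp-content/mu-plugins/disable-link-manager.php` is a suggested location, not one the page names.

```php
<?php
/**
 * Plugin Name: Disable legacy Link Manager (hardening example)
 * Description: Reports whether the legacy Link Manager is enabled and forces it off.
 *
 * Drop this file into wp-content/mu-plugins/ (path is an assumption) so it
 * loads on every request without needing to be activated.
 */

// Run only inside WordPress; bail if loaded directly.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Return true when the legacy Link Manager option is turned on.
 * Sites upgraded from pre-3.5 installs may still carry this option set to 1.
 */
function hardening_example_link_manager_is_enabled(): bool {
    return (bool) get_option( 'link_manager_enabled', false );
}

/**
 * Force the option to read as disabled, regardless of the stored value.
 * The pre_option_{$option} filter short-circuits get_option() for that key,
 * so the stored row is left untouched but the feature stays off.
 */
add_filter( 'pre_option_link_manager_enabled', '__return_zero' );

/**
 * Show administrators a one-line notice so the state is visible in wp-admin.
 * The notice reads the raw stored value via $wpdb so the filter above does
 * not mask what is actually in the database.
 */
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    global $wpdb;
    $stored = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT option_value FROM {$wpdb->options} WHERE option_name = %s",
            'link_manager_enabled'
        )
    );
    if ( '1' === $stored ) {
        echo '<div class="notice notice-warning"><p>'
            . esc_html__( 'Legacy Link Manager is stored as enabled in the database; it is being forced off by the hardening plugin. Make sure WordPress is at 6.0.2 or later.', 'hardening-example' )
            . '</p></div>';
    }
} );
```

The same check can be made from the command line with WP-CLI (`wp option get link_manager_enabled`), which prints the stored value without the filter applied; a result of `1` means the legacy feature is on at that site.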
FBI and Secret Service investigate cybercrime theft
The government of Lexington, Kentucky joined hands with the FBI and Secret Service to investigate $4 million in federal rent assistance and housing funds allegedly stolen by cybercriminals. Investigators discovered that the threat actors managed to intercept emails between the city and a local community council that needed the funds.
Fraudsters dupe manufacturer
A multinational manufacturing firm that makes paper cups in India was duped out of approximately $68,000 by cyber fraudsters. Allegedly, a scammer compromised the CEO’s email account, used it to send emails to the company’s accounts department, and had payments transferred to an unknown account.