Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 5, 2022
While 4th of July celebrations were under way, Google issued a critical security fix for a heap buffer overflow zero-day in WebRTC. Researchers claim that an unauthorized individual could remotely execute arbitrary code and bypass the protection mechanism, leading to DoS and other threats. Meanwhile, a six-month-long malicious campaign has come to light that has been stealing personal data through dozens of obfuscated JavaScript packages.
Furthermore, a breach of sensitive data in the police network of Shanghai has apparently caused chaos after samples tested against the claims of billions of stolen records were found to be true. The data trove is allegedly available to anyone who can shell out 10 BTC.
Nearly one billion exposed in China
A threat actor was found offering billions of records on Chinese citizens, including sensitive details, for 10 BTC. The data, advertised through online forums and social media platforms, was stolen from the servers of the Shanghai National Police. The database also has information such as the location of the crimes and a brief description of the related incidents.
Third-party breach hits healthcare clinic
Mattax Neu Prater Eye Center, Missouri, suffered a data breach through myCare Integrity, an electronic medical records platform. It was observed that hackers deleted databases and system configuration files after infiltrating the systems. According to HIPAA, over 90,000 people were impacted by the incident.
AstraLocker shuts down
The AstraLocker ransomware actor has announced that it is quitting its operation and has shared decryptors with the VirusTotal malware analysis platform. The ransomware was based on the source code of Babuk Locker, which had suffered a major leak last year. Last week, AstraLocker released a new variant that would spread via phishing emails.
Dozens of malicious JS packages
Security researchers at ReversingLabs laid bare a widespread software supply chain attack carried out via the NPM package manager. The campaign has been active since December 2021 and is designed to pilfer data entered in forms by online users via mobile applications and websites. The campaign is being tracked as IconBurst.
Google’s urgent update
A new version of Chrome 103 was released with fixes for several security vulnerabilities, including an actively exploited zero-day bug. The flaw, tracked as CVE-2022-2294, is a heap buffer overflow condition in WebRTC, the engine that powers the browser’s real-time communications. The zero-day bug affected both Windows and Android versions of the browser.
Fake employment drive in the UK
Malwarebytes uncovered a scam campaign that lays bait for individuals interested in working in the United Kingdom. The gang sends out recruitment drive messages via WhatsApp, impersonating staff from the UK government. Visitors may lose their personal data, including their names, email addresses, marital status, contact details, and employment status.