
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 15, 2022

The culprits behind one of the largest DDoS attacks on record have been identified as Mantis, a botnet named after the tiny mantis shrimp because of the size of the attack it pulled off with a relatively small infrastructure. Meanwhile, a WordPress plugin with a critical flaw has nobody left to fix it, and millions of websites have been observed being scanned for it.

Furthermore, nearly half a dozen firms, including Microsoft, VMware, and Ubuntu, issued patches against the Retbleed attack technique impacting chipmakers Intel and AMD. Patch yours now!

Top Breaches Reported in the Last 24 Hours

Data of transplant patients leaked

Medical records and personal data of about 4,500 transplant participants at Virginia Commonwealth University Medical Center were lying exposed for anyone to access. The privacy breach also included information about their donors. In some cases, exposed data involved records dating back to 2006.

British recruitment agency discloses a breach

Morgan Hunt, a U.K.-based recruitment agency, announced that it experienced a security incident that laid bare the personal data of its clients via one of its server databases. Exposed data included contractors' names, contact details and addresses, IDs, documents, National Insurance numbers, and more.

Top Malware Reported in Last 24 Hours

Small-to-midsize firms under attack by new ransomware

Microsoft researchers found a year-old ransomware campaign called Holy Ghost, aka DEV-0530, targeting small to mid-sized organizations such as banks, schools, manufacturing, and event and meeting planning firms. It is suspected that North Korean hackers—not necessarily associated with or backed by the North Korean government—could be behind the attacks.

Tiny botnet network launched massive DDoS attack

Cloudflare has unearthed an effective botnet operation by Mantis (named after the mantis shrimp) that affected nearly 1,000 of its customers. Experts found that Mantis compromised just over 5,000 IoT devices, including MikroTik routers, and launched more than 3,000 HTTP DDoS attacks last month, including the biggest HTTPS-based DDoS attack recorded to date.

Top Vulnerabilities Reported in the Last 24 Hours

Securing systems against Retbleed

Intel and AMD released software updates to address the Retbleed speculative execution attack, disclosed earlier this week. Meanwhile, Citrix has released hotfixes for Hypervisor to address the issue. Other major firms that have fixed the flaws are VMware, Microsoft, The Xen Project, and Ubuntu. Red Hat Enterprise Linux 6 will not be fixed.
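The practical question for a defender reading the item above is whether a given Linux host has actually picked up the fix. The following is an added example, not code from the briefing or from any vendor: it classifies the Retbleed status the kernel reports through sysfs. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/retbleed` (added by the upstream fixes alongside the other speculative-execution entries); the status strings used as samples are constructed to resemble that interface and should be checked against your own kernel's output.

```python
"""Classify a Linux host's Retbleed mitigation status from sysfs.

Added example (not part of the briefing). ASSUMPTION: the kernel exposes the
vulnerability status at the path below; kernels that predate the Retbleed fixes
have no such entry, which is itself a finding.
"""
from pathlib import Path
from typing import Optional

RETBLEED_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/retbleed")


def classify(status: str) -> str:
    """Map a sysfs status line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(path: Path = RETBLEED_SYSFS) -> Optional[str]:
    """Return the raw sysfs line, or None when the entry is absent (kernel without the fix)."""
    try:
        return path.read_text(encoding="utf-8")
    except OSError:
        return None


def assess(path: Path = RETBLEED_SYSFS) -> dict:
    """Combine the read and the classification into a small report dict."""
    raw = read_status(path)
    if raw is None:
        # No entry at all: the running kernel does not know about Retbleed.
        return {"present": False, "raw": None, "state": "unpatched_kernel"}
    return {"present": True, "raw": raw.strip(), "state": classify(raw)}


# Constructed sample strings modelled on the kernel's reporting style.
SAMPLE_STATUSES = [
    "Not affected",
    "Mitigation: untrained return thunk; SMT enabled with STIBP protection",
    "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch",
]

if __name__ == "__main__":
    for sample in SAMPLE_STATUSES:
        print(f"{classify(sample):12s} <- {sample}")
    print(assess())
```

Run it on the host itself and treat both `vulnerable` and `unpatched_kernel` as actionable; a `mitigated` result still deserves a look at the raw string, since some mitigations only apply with SMT disabled.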

PoC exploit for macOS sandbox escape flaw

Microsoft published exploit code for a bug in macOS, identified as CVE-2022-26706. The bug could help an attacker bypass sandbox restrictions and execute arbitrary code on the targeted system. It was discovered while researchers were looking into methods to run and detect malicious macros in Office documents on macOS.

A trio of bugs patched in Lenovo

Lenovo fixed three bugs impacting more than 70 products, including ThinkBook systems. The flaws, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, can be abused for code execution in a way that can interrupt and hijack the operating system's execution flow while disabling some important security features.

Flaw impacts over one million WordPress sites

Researchers at Defiant disclosed a widespread attack campaign scanning for a flaw across over 1.6 million WordPress sites. The flaw, tracked as CVE-2021-24284, resides in Kaswara Modern WPBakery Page Builder, a WordPress plugin. Its author has allegedly abandoned the product, and no patch has been released.
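With no patch available, the defensive options are removing the plugin and watching web server logs for probes against it. The block below is an added example written for this briefing, not Defiant's or the plugin author's code: it parses Apache/nginx combined-format access log lines and counts, per source address, the requests that touch the plugin's directory. The plugin directory name `kaswara` is an assumption on my part and should be confirmed against your installation; the log lines are constructed samples.

```python
"""Flag access-log requests that probe an abandoned WordPress plugin.

Added example (not part of the briefing). ASSUMPTION: the plugin lives under
/wp-content/plugins/kaswara/; adjust WATCHED_PLUGIN_DIRS to match your site.
"""
import re
from collections import Counter
from typing import Iterable, List, Optional

WATCHED_PLUGIN_DIRS = ("kaswara",)  # assumed directory name, verify locally

# Combined log format: ip ident user [timestamp] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines using documentation address ranges (RFC 5737).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jul/2022:10:02:11 +0000] "GET /wp-content/plugins/kaswara/assets/js/app.js HTTP/1.1" 404 196
198.51.100.7 - - [14/Jul/2022:10:02:15 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [14/Jul/2022:10:02:16 +0000] "GET /wp-content/plugins/kaswara/includes/ HTTP/1.1" 404 196
198.51.100.7 - - [14/Jul/2022:10:03:40 +0000] "HEAD /WP-CONTENT/plugins/Kaswara/readme.txt HTTP/1.1" 404 0
192.0.2.10 - - [14/Jul/2022:10:04:02 +0000] "GET /wp-content/plugins/akismet/akismet.js HTTP/1.1" 200 1843
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_plugin_probe(path: str) -> bool:
    """True when the request path points into one of the watched plugin directories."""
    lowered = path.lower()
    return any(f"/wp-content/plugins/{d}/" in lowered for d in WATCHED_PLUGIN_DIRS)


def find_probes(lines: Iterable[str]) -> List[dict]:
    """Parsed records for every line whose path targets a watched plugin, regardless of status."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_plugin_probe(rec["path"]):
            hits.append(rec)
    return hits


def summarize(lines: Iterable[str]) -> Counter:
    """Count probe requests per source address so repeat scanners stand out."""
    return Counter(rec["ip"] for rec in find_probes(lines))


if __name__ == "__main__":
    for ip, n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip:15s} {n} probe(s)")
```

Note that a 404 response is still worth counting: on a site that has removed the plugin, every hit on that path is a scanner, and the per-address tally is a ready-made input for a block list or a WAF rule.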
