Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 2, 2022

Smartphone users were exposed to remote hacking as researchers laid bare a vulnerability in the UNISOC chip. This bug could be used to deny modem services and even block communications. In a strange incident, a security team discovered ransom notes within hundreds of unsecured Elasticsearch databases.

Separately, a cybercriminal group is targeting premium clients located globally via SMSes and calls in a malware campaign involving TrojanSMS. Currently, there are different versions of the malware. Researchers say the malware may spread further as it also fetches data from victims' contact lists.

Top Breaches Reported in the Last 24 Hours

Ransom notes pasted to misconfigured databases

Secureworks unearthed a unique attack campaign aimed at more than 1,200 misconfigured, vulnerable Elasticsearch databases. Hackers have reportedly replaced victims’ indexes with ransom notes, asking for a ransom of up to $280,000 in total. Researchers identified four email addresses and two different Bitcoin wallets associated with the attack campaign.

Top Malware Reported in the Last 24 Hours

Malware campaign claims victims worldwide

SMSFactory is a new malware campaign dropping TrojanSMS malware and harvesting money from devices by sending premium texts and calling premium-rate phone numbers. It propagates through malvertising, push notifications, and alerts displayed on game sites or free video streaming sites. Infected devices were found to be located across the U.S., Brazil, France, Russia, Turkey, and Ukraine, among others.

Top Vulnerabilities Reported in the Last 24 Hours

New Windows zero-day

A new Windows Search zero-day has surfaced. An unauthorized user can leverage it to automatically open a search window containing remotely hosted malware executables. The adversary can modify Office documents to bypass Protected View and launch URI protocol handlers without any user interaction.

High severity flaw in Smartphone chip

Check Point Research reported a critical security bug in UNISOC’s smartphone chip with a CVSS score of 9.4 out of 10. The flaw affects 4G and 5G UNISOC chipsets. The impacted UNISOC modem is used for cellular communication mainly in Africa and Asia. As per media reports, Google will publish the patch in the upcoming Android Security Bulletin.

MS Office apps vulnerable to homograph attacks

Bitdefender discovered that MS Office apps, such as Outlook and Teams, are vulnerable to homograph attacks based on Internationalized Domain Names (IDNs). Hackers can spoof IDN homograph domains to fool users. Homograph attacks alone aren’t mainstream but are a dangerous and effective tool if used by APTs in targeted campaigns.

Top Scams Reported in the Last 24 Hours

Phishers lay bait on Telegraph

Email security platform INKY noted that phishing actors are exploiting Telegram's anonymous blogging platform, Telegraph, to steal users’ account credentials. Telegraph, as a free minimalist publishing tool, lets anyone publish anything without creating an account or providing any identification details. Hence, pages can be customized with embedded malicious images and links to harvest sensitive data.
