Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 2, 2022
Smartphone users were exposed to remote attack as researchers disclosed a vulnerability in UNISOC modem chipsets. The bug can be used to deny modem service and block communications. In an unusual incident, a security team discovered ransom notes inside hundreds of unsecured Elasticsearch databases.
Separately, a cybercriminal group is defrauding users worldwide through premium-rate SMS messages and calls in a malware campaign involving TrojanSMS. Several versions of the malware are in circulation. Researchers say it may spread further, since it also harvests victims' contact lists.
Ransom notes pasted to misconfigured databases
Secureworks uncovered an unusual campaign against more than 1,200 misconfigured, internet-exposed Elasticsearch databases. The attackers reportedly replaced the victims' indexes with ransom notes; the demands total up to about $280,000. Researchers identified four email addresses and two Bitcoin wallets associated with the campaign.
Malware campaign claims victims worldwide
SMSFactory is a new malware campaign that drops TrojanSMS and makes money from infected devices by sending premium-rate texts and calling premium-rate phone numbers. It spreads through malvertising, push notifications, and alerts shown on game sites and free video streaming sites. Infected devices were found in the U.S., Brazil, France, Russia, Turkey, and Ukraine, among other countries.
New Windows zero-day
A new Windows Search zero-day has surfaced. An attacker can use it to automatically open a Windows Search window listing remotely hosted malware executables. Weaponized Office documents can bypass Protected View and launch the URI protocol handler without further user interaction.
Critical flaw in UNISOC smartphone chip
Check Point Research reported a critical security bug in UNISOC's smartphone modem with a CVSS score of 9.4 out of 10. The flaw affects 4G and 5G UNISOC chipsets, which are used for cellular communication mainly in Africa and Asia. According to media reports, Google will publish the patch in an upcoming Android Security Bulletin.
MS Office apps vulnerable to homograph attacks
Bitdefender found that MS Office apps, such as Outlook and Teams, are vulnerable to homograph attacks based on Internationalized Domain Names (IDNs). Attackers register IDN domains whose non-Latin characters render identically to a legitimate domain's, so the look-alike link passes as genuine to the user. Homograph attacks are not mainstream on their own, but they are a dangerous and effective tool when APTs use them in targeted campaigns.
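The check a mail gateway or link scanner would want at this point, as an added example (not Bitdefender's code and not from the original briefing): convert a domain to the punycode form the network actually resolves, detect mixed-script labels, and map look-alike characters to the ASCII "skeleton" they imitate so the domain can be compared against a trusted list. The confusables map is a constructed subset of the Unicode UTS #39 table and the trusted-domain set is an assumed placeholder; both would be replaced in a real deployment. The sample domains at the bottom are constructed.

```python
"""Flag IDN homograph domains before a link is trusted or rendered."""
import unicodedata

# Constructed subset of the Unicode confusables table (UTS #39): non-Latin
# letters that render like a Latin letter in most fonts. A real deployment
# would load the full confusables.txt instead of this hand-picked map.
CONFUSABLE_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03bd": "v", "\u03b1": "a",
}

# Assumed trusted brand domains the check protects; swap in your own list.
TRUSTED = {"paypal.com", "apple.com", "cisco.com", "microsoft.com"}


def script_of(ch: str) -> str:
    """Coarse script taken from the Unicode character name; digits, '.' and '-' are COMMON."""
    name = unicodedata.name(ch, "")
    if " LETTER " in name or "IDEOGRAPH" in name or "SYLLABLE" in name:
        return name.split(" ", 1)[0]
    return "COMMON"


def skeleton(label: str) -> str:
    """The ASCII string a label visually imitates: NFKD, drop combining marks, swap confusables."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLE_TO_LATIN.get(ch, ch))
    return "".join(out)


def analyse(domain: str, trusted=TRUSTED) -> dict:
    """Classify a domain as allow / warn / block and explain why."""
    domain = domain.strip().rstrip(".").lower()
    labels = [lab for lab in domain.split(".") if lab]
    try:
        # Punycode form, i.e. what DNS resolves and what a user never sees in the UI.
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None
    # Mixed script is judged per label: a Cyrillic label under a Latin TLD is normal.
    per_label = [{script_of(ch) for ch in lab} - {"COMMON"} for lab in labels]
    mixed = any(len(s) > 1 for s in per_label)
    skel = ".".join(skeleton(lab) for lab in labels)
    confusables = [ch for ch in domain if ch in CONFUSABLE_TO_LATIN]
    # Whole-script spoofs (all-Cyrillic "cisco") are not mixed, so the skeleton match catches them.
    impersonates = skel if (skel != domain and skel in trusted) else None
    if impersonates:
        verdict = "block"
    elif mixed or confusables:
        verdict = "warn"
    else:
        verdict = "allow"  # plain ASCII, or a legitimate IDN such as a diacritic
    return {
        "domain": domain,
        "ascii": ascii_form,
        "scripts": sorted(set().union(*per_label)) if per_label else [],
        "mixed_script": mixed,
        "skeleton": skel,
        "impersonates": impersonates,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed samples: a real domain, a mixed-script spoof (Cyrillic a),
    # a whole-script Cyrillic spoof of cisco.com, and a legitimate IDN with a diacritic.
    samples = ("paypal.com", "p\u0430ypal.com",
               "\u0441\u0456\u0455\u0441\u043e.com", "m\u00fcller.de")
    for d in samples:
        r = analyse(d)
        print(f"{r['verdict']:5} {d:<12} -> {r['ascii']}  "
              f"scripts={r['scripts']} skeleton={r['skeleton']} impersonates={r['impersonates']}")
```

The design point is that neither check alone is enough: a per-label script check misses a whole-script Cyrillic spoof, and a confusables map alone would flag every legitimate IDN, so the skeleton is only escalated to "block" when it collides with a domain you already trust.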
Phishers lay bait on Telegraph
Email security firm INKY reports that phishing actors are abusing Telegraph, Telegram's anonymous blogging platform, to steal account credentials. Telegraph is a free, minimalist publishing tool that lets anyone publish a page without creating an account or providing any identification. Phishers exploit this to build pages with embedded malicious images and links that harvest sensitive data.