Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 24, 2022
Log4Shell continues to haunt organizations in the U.S., as government agencies underlined several incidents of various hacker groups, including an APT, trying to penetrate enterprise networks. Meanwhile, threat actors behind scalper bots made it extremely challenging for the Israeli government to deliver public services by faking hundreds of thousands of appointment requests.
In another update, Google has pointed to an Italian firm as the developer of the Hermit spyware, which can infect both iOS and Android devices. For now, its victims are in Italy and Kazakhstan.
Extortion attack hits Brazilian retail
Cyber adversaries claimed to have breached the networks of Sao Paulo-based retail company Fast Shop and stolen terabytes of data. The group was able to take over the retailer’s Twitter account and could push its website and app into a shutdown. There’s no information on which extortion group was behind the attack.
More victims at a healthcare facility
Indiana University Health revealed that the sensitive information of its patients was leaked in a cyber incident at MCG Health in 2020. Exposed data include names, SSNs, medical codes, full addresses, contact numbers, email addresses, gender details, and more.
Scalper bots cause mayhem in Israel
Akamai researchers reported an army of scalper bots trained to secure appointments for public services offered by the Israeli government. Affected areas of services include passport renewal, transport, utilities, the post office, and national insurance. Hackers scheduled more than 700,000 fake appointments, creating a months-long backlog at the Ministry of Interior.
Google warns of Hermit spyware
According to Google's Threat Analysis Group, Hermit, an enterprise-grade spyware strain, is targeting Android and iOS mobile device users in Italy and Kazakhstan. The spyware can steal a plethora of information such as SMS messages, contact lists, call logs, and photos, while also exfiltrating the GPS location data of a user.
CISA alert on Log4Shell
CISA, along with other agencies, urged organizations to patch the Log4Shell flaw in VMware Horizon and Unified Access Gateway servers. The bug, CVE-2021-44228, was recently exploited by a suspected APT actor to deploy loader malware on targeted systems. In another incident, CISA was forced to conduct an onsite incident response engagement.
Patch arrived after six months
Security researchers have uncovered more details on a critical Fusion Middleware vulnerability in Oracle systems. Identified as CVE-2022-21445, the flaw could be exploited for arbitrary code execution. It impacts all applications that rely on ADF Faces, such as Business Intelligence, WebCenter Portal, Application Testing Suite, Identity Management, SOA Suite, and more.
Hackers use COVID-19 lure
Cybercriminals were found impersonating the U.K.’s NHS and sending fraudulent SMS messages about individuals being infected by the Omicron variant of COVID-19. They urge potential victims to order a test kit, which costs £0.99 or $1.21 for postage. Scammers have used different domains in their scam messages.