
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 29, 2022

Amazon Photos jeopardized sensitive user data owing to a flawed component in its mobile app. The vulnerability could let an attacker harvest Amazon access tokens used for API authentication. An UnRAR vulnerability has been found that may affect any software using it, including the Zimbra collaboration suite. The vulnerability reportedly concerns the UnRAR versions for Unix-based systems.

SOHO routers are falling victim to ZuoRAT, a new threat plaguing North American and European users. The multi-stage ZuoRAT malware can spread widely with in-depth network reconnaissance capabilities and deploy payloads using DNS and HTTP hijacking.

Top Breaches Reported in the Last 24 Hours

RansomHouse targeted AMD

As per its own claims, extortion group RansomHouse penetrated the systems of processor manufacturer AMD to steal about 450 GB of data. The group, however, said it did not breach the networks themselves but rather acted as a negotiator on behalf of its partner who allegedly attacked the firm. The stolen data trove may include research and financial information from the firm.

U.K. food distributor suffered breach

Apetito, a service that delivers prepared meals to thousands of vulnerable people in England, was hit by a sophisticated cyberattack. The frozen-food distributor is not yet sure which data were compromised in the attack. However, it assured that no payment data were involved in the incident.

Top Malware Reported in the Last 24 Hours

ZuoRAT hides within SOHO routers

A new malware, dubbed ZuoRAT, is propagating through SOHO routers as part of a sophisticated campaign aimed at networks in North American and European regions. An investigation into the case divulged that the trojan can cripple routers from multiple brands, such as ASUS, DrayTek, Cisco, and NETGEAR.

AstraLocker 2.0 spreads via Office

Researchers at ReversingLabs observed a new phishing attack dropping AstraLocker ransomware strain through Microsoft Office files. The ransomware deployment begins right after the target opens the malicious file attachment. Studies revealed that the underlying code for AstraLocker 2.0 appears to be borrowed from the Babuk ransomware source code leak in September 2021.

Top Vulnerabilities Reported in the Last 24 Hours

UnRAR bug intimidates Zimbra Suite

RARlab's UnRAR utility was found to be affected by a path traversal vulnerability in its Unix versions. Tracked as CVE-2022-30333, the bug could allow remote attackers to execute arbitrary code on a vulnerable system by having it extract a maliciously crafted RAR archive. Any software or program utilizing an unpatched version of UnRAR to extract archives from untrusted sources is impacted by the flaw, including the Zimbra mail server.
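Patching UnRAR is the fix; the general defence for any service that extracts untrusted archives is to refuse entries whose names would land outside the extraction directory. The following is an added example (not code from UnRAR, Zimbra, or this briefing) of such a path check; the entry names it filters are constructed samples, and the `is_safe_member`/`filter_members`/`demo` names are this example's own.

```python
import os
import posixpath
import tempfile


def is_safe_member(dest_root: str, member_name: str) -> bool:
    """True only if an archive entry named member_name would be written
    strictly inside dest_root after normalisation. Rejects empty names,
    absolute paths, '..' escapes, and paths that resolve outside the root."""
    if not member_name or member_name.startswith(("/", "\\")):
        return False
    # Treat both separator styles the same way so a separator-conversion
    # difference between archive creator and extractor cannot slip past.
    normalised = posixpath.normpath(member_name.replace("\\", "/"))
    if normalised == ".." or normalised.startswith("../"):
        return False
    root = os.path.realpath(dest_root)
    # realpath also follows any symlink already present under dest_root, so a
    # link dropped by an earlier entry cannot redirect a later one outside.
    target = os.path.realpath(os.path.join(root, normalised))
    return target == root or target.startswith(root + os.sep)


def filter_members(dest_root: str, names):
    """Split entry names into those safe to extract and those to reject."""
    safe, rejected = [], []
    for name in names:
        (safe if is_safe_member(dest_root, name) else rejected).append(name)
    return safe, rejected


def demo():
    # Constructed sample entry names, as an archive listing might present them.
    names = [
        "docs/readme.txt",        # plain relative path: allowed
        "docs/../notes.txt",      # normalises to notes.txt: still inside root
        "../../etc/cron.d/job",   # classic traversal: rejected
        "/etc/passwd",            # absolute path: rejected
        "bin\\..\\..\\x",         # backslash traversal: rejected
        "",                       # empty name: rejected
    ]
    root = tempfile.mkdtemp(prefix="extract-")
    return filter_members(root, names)


if __name__ == "__main__":
    safe, rejected = demo()
    print("safe:", safe)
    print("rejected:", rejected)
```

Run the check against every entry before writing anything, because a single traversal entry is enough to overwrite files the extracting service can reach.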

High-severity flaw in Amazon Photos

Checkmarx disclosed a flaw in the Amazon Photos app for Android that has over 50 million downloads through the Play Store. A misconfigured app component exposed its manifest file to anyone without authentication. An individual could abuse this flaw to steal Amazon access tokens used for Amazon API authentication via a malicious app installed on the affected device.

Microsoft fixes FabricScape

After it was pointed out by Palo Alto Networks' Unit 42 researchers, Microsoft addressed a container escape vulnerability, dubbed FabricScape, that may let attackers take control of Azure Linux clusters. Identified as CVE-2022-30137, the flaw lies in the Service Fabric (SF) application hosting platform. If exploited, it could lead to privilege escalation and affect the entire SF Linux cluster.
