Cyware Daily Threat Intelligence

Daily Threat Briefing • May 27, 2022
Zyxel flaws have been making headlines for the past two weeks, but the recent patch alert is especially important for U.S. firms. Another patch came from Cisco that addresses a severe heap overflow bug, which an unauthorized user can abuse to launch DoS attacks.
Furthermore, cybercriminals were found dropping an updated version of Magniber ransomware on Windows 11 machines. The malware uses the RSA+AES encryption scheme to encrypt files. Also, do watch out for a WhatsApp scam that can compromise your account in just a few minutes.
Ransomware setback for a New Jersey county
A ransomware attack crippled the networks of Somerset County, New Jersey. The attack disrupted most of its online services such as email services, as well as access to land records, vital statistics, and probate records. While some of its services were restored, it is expected that the situation will be back to normal in a week or so.
Magniber meets Windows 11 users
A new variant of the Magniber ransomware was spotted in a new attack aimed at Windows 11 systems. The attack is propagated via various online forums, cracked software websites, and fake pornographic websites, among others. Hackers ask victims to pay the ransom within five days or threaten to double the ransom amount.
Cisco tackled heap overflow attack
Cisco addressed a heap overflow vulnerability, tracked as CVE-2022-20737 (CVSS 3.0 score of 8.5), in Cisco Adaptive Security Appliance (ASA). By abusing the vulnerability, an attacker may trigger a DoS condition and gain access to sensitive data such as session cookies, various configuration data, usernames, and passwords.
Zyxel warns against flaws
Zyxel alerted its clients to four bugs in its firewall, AP Controller, and AP products. These could be exploited to compromise targeted systems and harvest sensitive data from machines. Though these bugs are not critical, the firm has still strongly urged network admins to upgrade their devices without much delay.
Urgent patch for VMware customers
Security researchers at Horizon3 released a PoC exploit and technical analysis for a critical authentication bypass vulnerability affecting multiple VMware products. A threat actor can exploit the critical flaw, CVE-2022-22972, to gain privileged access. Hence, customers were urged to install patches immediately. The flaw affects Workspace ONE Access, vRealize Automation, and VMware Identity Manager (vIDM).
WhatsApp hijack in minutes
CloudSEK unearthed a new WhatsApp scam that enables hackers to hijack users’ accounts using a simple phone call. First, hackers call victims’ numbers starting with ‘67’ or ‘405’ and then convince them to call back. If and when that happens, the users are logged out of their WhatsApp accounts and the hackers gain complete control of the accounts within a few minutes.