Cyware Daily Threat Intelligence

Daily Threat Briefing • May 31, 2022
Microsoft has issued a workaround for Follina, the high-severity bug in the Microsoft Office productivity suite that we reported yesterday. Unsecured databases continue to expose organizations to cybersecurity incidents. From staff data to source code details to plain-text passwords and secret keys, a Turkish airline was found blurting it all out online.
The U.S. tax season is here and scammers look excited. One such group was seen impersonating Intuit support teams to steal personal data or install malware on victims' devices.
Turkish airline exposes confidential data
SafetyDetectives reported that Pegasus Airlines, a low-cost Turkish airline, inadvertently exposed nearly 6.5TB of records in total. The data contained the PII of the flight crew alongside Electronic Flight Bag (EFB) information and other sensitive information, such as source code and flight data. The exposure was caused by a misconfigured AWS bucket. Experts surmised that the leak may have given threat actors access to critical data that they could tamper with.
Medical data compromised in Australia
CTARS, a Sydney-based software and analytics provider for the disability and care sectors, suffered a breach of its cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers. Reports claim that a large chunk of sensitive data was stolen during the incident, which began on May 15.
XLoader gets an upgrade
Researchers at CPR stumbled across a new version of XLoader (v2.6) that boasts significant modifications in key parts of the malware. With a long emulation time, the newer version's sample accesses more than 16 domains, unlike earlier versions. The main update in XLoader concerns network communication.
Microsoft addresses a critical flaw
A zero-day allowing code execution in Office products, tracked as CVE-2022-30190, has received a temporary workaround from Microsoft, though not yet a patch. Microsoft has shared mitigation measures with which admins and users can block attack attempts exploiting the flaw by disabling the MSDT URL protocol. It is also advised to disable the Preview pane in Windows Explorer.
QuickBooks accounts on target
A new QuickBooks phishing effort has been discovered in the wild that can steal users’ account information. The success of this phishing campaign relies on consumers falling for account suspension messages. With 4.5 million users globally for Intuit's QuickBooks, it looks like a major threat, especially around the tax season in the U.S.