Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 25, 2022
Another day, another malicious browser extension attack. Researchers uncovered two malicious Chrome extensions, both published under the name SearchBlox, that were used to pilfer Roblox credentials as well as assets on Rolimons, a Roblox trading platform. More than 200,000 players have installed the extensions, which pretend to let users find Roblox servers of their choice. Docker images are again being leveraged for malicious activity: security experts unearthed over 1600 images embedded with backdoors, DNS hijackers, and cryptocurrency miners.
Coming to security updates, Google released an emergency patch to fix a zero-day vulnerability in the desktop version of the Chrome browser. This is the eighth Chrome zero-day patched in 2022 following exploitation in the wild.
WhatsApp user data on sale
Security experts are investigating a dataset that appears to contain data from nearly 500 million WhatsApp users across 84 countries. The data is being sold on cybercrime forums for prices ranging from $2000 to $7000. The threat actor claims that over 32 million US user records are included in the dataset.
EU website hit by DDoS attack
The European Parliament website was temporarily down following a DDoS attack that was launched by Russia-based hackers. A pro-Kremlin group, Killnet, has claimed responsibility for the attack.
Sonder reveals a data breach
Hospitality company Sonder confirmed a data breach that has potentially compromised guest records. Sonder learned of unauthorized access to one of its systems on November 14. The impacted records belong to those guests who made bookings prior to October 2021. The data included usernames and encrypted passwords, names, phone numbers, dates of birth, addresses, and email addresses of guests.
SearchBlox malicious extension
Two malicious Google Chrome extensions, both under the name SearchBlox and installed by more than 200,000 users, were discovered stealing Roblox credentials as well as assets on Rolimons. The extensions were distributed via the Chrome Web Store and claimed to let players search Roblox servers at blazing speed, but both contained a backdoor.
Malware-infested Docker images
Over 1600 publicly available Docker Hub images were found to carry malicious payloads used to launch cryptocurrency mining and DNS hijacking attacks. The compromised images were also used to deploy backdoors and redirect victims to phishing websites. Some of them had SSH keys, AWS credentials, GitHub tokens, and NPM tokens embedded, giving their operators backdoor access to a victim's network.
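The last point is one a defender can check for before an image ever reaches a host. The scanner below is an added example, not code from the briefing or from the researchers it cites: it walks a `docker save` tarball, reads the image config for environment variables baked into the image, unpacks every layer, and flags files that match a handful of well-known credential formats (AWS access key IDs, GitHub and npm token prefixes, PEM/OpenSSH private-key headers). The pattern list, the size cap, and the planted sample image built by `build_sample_image` are constructed assumptions of this example; the `manifest.json` layout it reads is the classic `docker save` format.

```python
import io
import json
import os
import re
import tarfile
import tempfile

# Credential formats to flag. These prefixes are the published conventions of
# AWS, GitHub and npm; the key header is the PEM/OpenSSH armor line. The list is
# an assumption of this example, not taken from the briefing.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "github-token": re.compile(rb"\bghp_[A-Za-z0-9]{36}\b"),
    "npm-token": re.compile(rb"\bnpm_[A-Za-z0-9]{36}\b"),
    "ssh-private-key": re.compile(rb"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----"),
}
MAX_FILE_BYTES = 1_000_000  # skip large binaries; planted credentials are small text files


def _scan_bytes(data):
    """Return the names of every pattern that matches the given bytes."""
    return [kind for kind, pat in SECRET_PATTERNS.items() if pat.search(data)]


def scan_image_tar(path):
    """Scan a `docker save` tarball; return a list of (layer, location, kind) findings."""
    findings = []
    with tarfile.open(path) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            # Environment variables are stored in the image config, not in any layer.
            config = json.load(image.extractfile(entry["Config"]))
            for env in config.get("config", {}).get("Env", None) or []:
                for kind in _scan_bytes(env.encode()):
                    findings.append(("config", "Env:" + env.split("=", 1)[0], kind))
            # Each layer is itself a tar archive of filesystem changes.
            for layer_name in entry["Layers"]:
                layer_bytes = image.extractfile(layer_name).read()
                with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
                    for member in layer.getmembers():
                        if not member.isfile() or member.size > MAX_FILE_BYTES:
                            continue
                        data = layer.extractfile(member).read()
                        for kind in _scan_bytes(data):
                            findings.append((layer_name, member.name, kind))
    return findings


def build_sample_image(path):
    """Write a constructed docker-save tarball with planted (fake) credentials."""
    def add_bytes(tar, name, data):
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))

    layer_buf = io.BytesIO()
    with tarfile.open(fileobj=layer_buf, mode="w") as layer:
        add_bytes(layer, "root/.ssh/id_rsa", b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n")
        add_bytes(layer, "root/.npmrc", b"//registry.npmjs.org/:_authToken=npm_" + b"a" * 36 + b"\n")
        add_bytes(layer, "app/.git-credentials", b"https://x:ghp_" + b"b" * 36 + b"@github.com\n")
        add_bytes(layer, "app/main.py", b"print('hello')\n")  # benign file, must not be flagged
    config = {"architecture": "amd64",
              "config": {"Env": ["PATH=/usr/bin", "AWS_ACCESS_KEY_ID=AKIA" + "C" * 16]}}
    manifest = [{"Config": "cfg.json", "RepoTags": ["example/planted:latest"],
                 "Layers": ["layer1/layer.tar"]}]
    with tarfile.open(path, "w") as image:
        add_bytes(image, "manifest.json", json.dumps(manifest).encode())
        add_bytes(image, "cfg.json", json.dumps(config).encode())
        add_bytes(image, "layer1/layer.tar", layer_buf.getvalue())


def scan_sample():
    """Build the constructed image in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "planted.tar")
        build_sample_image(path)
        return scan_image_tar(path)


if __name__ == "__main__":
    for layer, where, kind in scan_sample():
        print(f"{kind:18} {layer:18} {where}")
```

Run it as `python scan_image.py` on the constructed sample, or call `scan_image_tar("image.tar")` on the output of `docker save <image> -o image.tar`. Scanning the saved tarball rather than a running container means the check sees every layer, including files that a later layer deletes from the final filesystem but that remain retrievable from the image.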
Chrome updated to fix a zero-day flaw
Google released an emergency security update for the desktop version of the Chrome browser to address a zero-day vulnerability that is being exploited in the wild. The high-severity flaw, tracked as CVE-2022-4135, is a heap buffer overflow in the GPU component. An attacker who triggers it can corrupt the application's memory, manipulate the execution path, and achieve arbitrary code execution.