Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 1, 2022
With billions of active users on TikTok, the platform cannot afford bugs that could compromise their accounts. However, security experts have observed a serious security lapse in the TikTok app for Android that could be abused to mount account takeover threats against its users. Fortunately, no instance of exploitation was reported or found by the researchers. In other news, a hacker was reportedly seen offering to sell a couple of iOS zero-day exploits for 2.5 million. Nothing to worry about as Apple has patched the bug.
The gaming sector has been a stronghold for cyber adversaries. If you’re a Final Fantasy 14 player, be warned about phishing messages that try to trick you into handing over your account credentials through malicious QR codes.
OTP victim tally reaches over 1.5 million
Data of over 130,000 individuals enrolled with Common Ground Healthcare Cooperative has likely been accessed by ransomware actors through its mailing vendor, OneTouchPoint (OTP). Previously, the vendor had issued a notice about the breach impacting 1.07 million individuals across nearly 30 health plans. The recent disclosure from CGHC and other healthcare services took the victim count to over 2.7 million.
Migration policy organization hacked
The International Centre for Migration Policy Development (ICMPD), which operates in about 90 countries, disclosed a breach event. The investigation to understand the scope of damage in terms of data stolen or accessed is ongoing. Meanwhile, hackers claimed to have stolen 375 GB of confidential data, such as contract scans, financial and insurance documents, invoices, passports, mailboxes of key members, and more.
Breach at Chile’s Ministry of Interior
The online services of Chile’s National Consumer Service (Sernac) were disrupted in the wake of a ransomware attack. The attackers targeted both Windows and VMware ESXi servers, and encrypted files were renamed with the .crypt extension. To help other organizations defend against similar attacks, authorities have made public some Indicators of Compromise (IoCs).
MiniStealer’s builder and panel for free
A cybercriminal, according to Cyble Research and Intelligence Labs, has released MiniStealer’s builder and panel on a cybercrime forum at no cost. Such builders help less experienced hackers create malicious payloads. MiniStealer has been observed compromising FTP applications and Chromium-based browsers. The seller alleges that the builder can be used against Windows 7, Windows 10, and Windows 11.
TikTok vulnerability threatens account takeover
Microsoft’s 365 Defender Research Team uncovered a security flaw in the TikTok app for Android that could be abused by hackers to hijack any user account once the user clicks on a specially crafted link. The researchers managed to bypass a verification process and could potentially weaponize some functions within the app. So far, there’s no evidence it was exploited by bad actors.
Watchguard Firewall bugs patched
Multiple security bugs were patched in two main WatchGuard firewall product lines: WatchGuard Firebox and XTM appliances. Rated medium to critical severity, these flaws opened the door to a variety of appliance abuse. Two of the flaws in combination could let an attacker obtain pre-authentication remote root access on affected appliances. The other three flaws were a blind XPath injection, an integer overflow, and a privilege escalation.
Apple fixes WebKit issue
Patches for older iPhone and iPad devices were released in light of an actively exploited vulnerability, tracked as CVE-2022-32893. It impacts WebKit and can be manipulated to achieve arbitrary code execution as soon as a user visits a malicious website serving crafted web content. Another zero-day, identified as CVE-2022-32894 and also a code execution flaw, was addressed by the firm.
QR code phishing scam
The online role-playing game Final Fantasy 14 has recently been targeted by cybercriminals sending direct messages to players. The scam redirects victims to image hosting services containing screenshots of a fake tweet from the official Final Fantasy 14 account. The tweet carries a bogus QR code that takes the victim to a fake login portal built to harvest their credentials.