Cyware Daily Threat Intelligence
Daily Threat Briefing • Sep 6, 2022
Another day, another new malware. Researchers at AT&T Alien Labs disclosed a new Linux malware, dubbed Shikitega, which is delivered via a multistage infection chain. The malware abuses vulnerabilities on the compromised system to gain privileges, maintain persistence, and execute a cryptominer. Also, read about QNAP and DeadBolt's ongoing cyber battle. The latest development marks the fourth round of attacks by the gang on QNAP NAS appliance users since January.
Meanwhile, security researchers reported a privilege escalation flaw in the Squiz Matrix web CMS. It could be exploited by altering an administrator's email address to an attacker-controlled one, leading to an account takeover.
Unconfirmed TikTok breach
Security researchers reported a claimed leak of over 2 TB of TikTok records, said to have been taken from a breach of an internal server. The leak allegedly includes internal statistics, source code, and 790 GB of user data. The forum member who posted the claim, using the handle AgainstTheWest, shared screenshots as proof of the breach. The dump allegedly also includes data stolen from WeChat.
Ransomware cripples LA Unified School District
IT systems, including email servers, at the Los Angeles Unified School District were disrupted in the wake of a cyberattack. The attack, attributed to a ransomware group, reportedly had little impact on critical business systems, employee healthcare, and payroll operations. More details are awaited as an investigation is underway.
New malware against Linux users
Shikitega has surfaced as a new malware threat targeting endpoints and IoT devices running Linux. The malware downloads and executes Metasploit's Meterpreter to take control of infected machines. From there, an attacker can gain full control of the system and persist, with a cryptominer as the final payload. The main dropper is an ELF file of only 370 bytes.
QNAP-DeadBolt lock horns, once again
QNAP has warned its customers of ongoing attacks by the operators of DeadBolt ransomware. According to reports, the attackers are exploiting a zero-day flaw in Photo Station. A security patch is out; alternatively, users can replace Photo Station with QuMagie, a photo storage management tool.
Account takeover bug in web CMS
A vulnerability in the Squiz Matrix web CMS was reported by Trustwave SpiderLabs following a pen-test engagement. The Insecure Direct Object Reference (IDOR) vulnerability could let an attacker gain admin rights on targeted installations. The CMS is used by over 280 organizations, including governments, businesses, and educational institutions in Australia and the U.K.
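The takeover path described above, modelled in a few lines of Python as an added illustrative example (this is not Squiz Matrix code and makes no claim about its internals): a profile-update handler that trusts a client-supplied user id lets an ordinary user rewrite the administrator's email address, after which a password reset for the admin is delivered to the attacker. The user table, ids and addresses are constructed sample data; `update_email_vulnerable`, `update_email_fixed` and the helper names are hypothetical.

```python
"""IDOR on a profile-update endpoint: vulnerable handler beside the fixed one.

Added illustrative example, not Squiz Matrix code. It models the bug class in
the item above: an endpoint that lets the client name which user record to
modify and changes that record's email without checking that the caller may
do so. Once the admin's address points at the attacker, a password reset for
the admin lands in the attacker's mailbox. All data below is constructed.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not allowed to touch the requested record."""


@dataclass
class User:
    uid: int
    email: str
    is_admin: bool = False


def make_users():
    """Constructed sample user table: one admin, one ordinary user."""
    return {
        1: User(1, "admin@example.org", is_admin=True),
        2: User(2, "mallory@example.org"),
    }


def update_email_vulnerable(users, session_uid, target_uid, new_email):
    """Vulnerable: honours the client-supplied target_uid as-is.

    session_uid is who is logged in; target_uid arrives in the request body.
    Nothing checks that they match, so any user can rewrite any record.
    """
    users[target_uid].email = new_email
    return users[target_uid].email


def update_email_fixed(users, session_uid, target_uid, new_email):
    """Hardened: authorisation is decided from the session, not the request.

    An ordinary user may only change their own address; only an admin may
    change someone else's. The check runs before any write happens.
    """
    caller = users[session_uid]
    if target_uid != session_uid and not caller.is_admin:
        raise Forbidden(f"user {session_uid} may not modify user {target_uid}")
    users[target_uid].email = new_email
    return users[target_uid].email


def password_reset_recipient(users, uid):
    """Where a reset link for `uid` would be mailed: the takeover pivot."""
    return users[uid].email


def demo_takeover():
    """Mallory (uid 2) points the admin's address at herself, then requests
    a password reset for the admin (uid 1)."""
    users = make_users()
    update_email_vulnerable(users, session_uid=2, target_uid=1,
                            new_email="mallory@example.org")
    return password_reset_recipient(users, 1)


def demo_fixed():
    """Same request against the hardened handler: rejected, admin untouched."""
    users = make_users()
    try:
        update_email_fixed(users, session_uid=2, target_uid=1,
                           new_email="mallory@example.org")
    except Forbidden:
        pass
    return password_reset_recipient(users, 1)


if __name__ == "__main__":
    print("vulnerable: admin reset mail goes to", demo_takeover())
    print("fixed:      admin reset mail goes to", demo_fixed())
```

The point of the fixed handler is that the record being modified is bound to the authenticated identity rather than to a parameter the client controls; where an admin legitimately needs to edit other accounts, that is an explicit role check, not the default.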