
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 8, 2022

Gaps in prioritizing cybersecurity in the education sector are visible to the naked eye. A major breach struck the Los Angeles Unified School District (LAUSD) a few days ago, and now U.S. authorities have cautioned educational institutions against Vice Society ransomware attacks. A critical bug has also been reported in HP Support Assistant, which comes pre-installed on HP systems. The DLL hijacking flaw can be abused by an attacker who has already gained a foothold on a system through low-privileged malware or a RAT.

Another bug—with a CVSS score of 8.6—was reported in multiple Cisco products. By exploiting it, a cybercriminal could either create DoS conditions or affect the integrity of proprietary data.

Top Breaches Reported in the Last 24 Hours

Credential stuffing attack victimizes clothing firm

Well-known apparel brand The North Face has suffered a credential stuffing attack, exposing the personal details of nearly 200,000 customer accounts. Affected customers will have to set a new password and verify their payment card details again before making a purchase. The firm further clarified that it does not store payment details such as credit card data on the site. This is the second credential stuffing attack on the brand in about two years.

French-speaking nations in Africa targeted

Check Point shared details about DangerousSavanna, an attack campaign whose victims are major financial and insurance companies in Africa. The countries it targeted include Ivory Coast, Morocco, Senegal, Cameroon, and Togo. It deploys off-the-shelf malware and hacking tools such as Metasploit, DWService, PoshC2, and AsyncRAT through spear-phishing.

Top Malware Reported in the Last 24 Hours

Education sector vs Vice Society ransomware

A joint advisory by U.S. officials highlighted threats to the education sector from the Vice Society ransomware group. The advisory recommends that entities in the education sector take appropriate defensive measures, such as maintaining offline data backups, ensuring that all backup data is encrypted, and reviewing and monitoring the security posture of third-party vendors.

Ex-Conti members attack Ukraine

Google's Threat Analysis Group revealed that former members of the Conti ransomware group have launched at least five different campaigns targeting Ukrainian entities between April and August. Also known as UAC-0098, the threat group has added European humanitarian and non-profit organizations to its hit list. It reportedly worked with Conti as an initial access broker.

Top Vulnerabilities Reported in the Last 24 Hours

Bug in HP Support Assistant

HP warned of a newly disclosed high-severity bug in HP Support Assistant, a software tool that comes pre-installed on all HP desktop and laptop systems. It is a DLL hijacking flaw that is triggered when a user attempts to launch HP Performance Tune-up from within HP Support Assistant. The bug is tracked as CVE-2022-38395. HP recommends that customers running version 9.x update to the latest version.

Cisco fixes multiple vulnerabilities

Cisco released patches for three security flaws, including a critical flaw disclosed in the NVIDIA Data Plane Development Kit (MLNX_DPDK). The flaw, identified as CVE-2022-28199, can allow a remote attacker to trigger DoS conditions and also raises concerns for data integrity and confidentiality.

New Threat in the Spotlight

Iranian APT infects using ransomware

Iranian threat actor Phosphorus, known for exploiting high-severity bugs, has added ransomware attacks to its arsenal. Microsoft's threat intelligence division revealed that the group has begun encrypting files on compromised devices using the built-in BitLocker tool. DiskCryptor is another ransomware tool that opportunistic Iranian actors started using earlier this year.
