
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 21, 2022

The CISA noted a total of seven vulnerabilities in power distribution units made by Dataprobe in its latest industrial control systems advisory. These vulnerabilities could allow a cybercriminal to achieve unauthenticated remote code execution and also expose sensitive information. In another fix, Parse Server has addressed a security gap that puts highly sensitive user data at risk; according to the GitHub advisory, the vulnerability is that internal fields and protected fields could be used as query constraints.

Hackers are always on the hunt for users in the banking sector. In connection with this, top Indian banks are warning their customers about the SOVA mobile banking trojan, which targets over 200 applications.

Top Breaches Reported in Last 24 Hours

NYRA breached by Hive operators

The Hive ransomware group claimed responsibility for the cyberattack on the New York Racing Association (NYRA). On its extortion website, the group listed NYRA as a victim and published a ZIP download containing all of the files stolen from NYRA's computers. Hive was able to steal members' personal information, including health records, health insurance information, driver's license numbers, and SSNs.

RedLine infects video game publisher

2K, an American video game publisher, acknowledged that hackers used one of its vendors' credentials to access its help desk, which is used to provide support to its gamers. The attackers sent certain players an email with a malicious link disguised as a support ticket. When users opened the ticket, they received another email, from a purported 2K representative named Prince.K, that included links to download a file containing the RedLine information-stealing malware.

Record DDoS attack on a Chinese company

A cybersecurity firm reported that it thwarted a significant four-hour-long DDoS attack targeting an unnamed Chinese telecommunications business. The attackers sent repeated requests over HTTP/2 multiplexing, and as many as 25.3 billion requests were recorded in June alone. The attack was launched from a botnet of nearly 170,000 distinct IP addresses spread across more than 180 countries, primarily the U.S., Indonesia, and Brazil.

Top Malware Reported in Last 24 Hours

SOVA trojan targets the banking sector

A novel banking malware campaign leveraging the SOVA Android trojan appears to be targeting over 200 mobile applications, including banking apps and crypto wallets. The malware is distributed via smishing attacks. Once the fake app is installed, the malware captures the user's credentials when they log in to their bank accounts. The trojan is capable of stealing cookies, collecting keystrokes, intercepting MFA tokens, and even copying infected applications.

Top Vulnerabilities Reported in Last 24 Hours

Parse Server patches a critical bug

Parse Server, an open source backend infrastructure project, was patched to fix a security bug tracked as CVE-2022-36079. If exploited, the flaw permitted brute-force-style attacks to access confidential user data on the Node.js API server and Express WAF modules. The bug was patched in versions 4.10.14 and 5.2.5 of the parse-server NPM package; all prior versions on these release lines are affected. With the patch, using internal and protected fields as query constraints requires the master key.
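An added example (not Parse Server's own code) of the kind of check the fix describes: query constraints on internal or protected fields are refused unless the request carries the master key. The underscore convention for internal fields, the `protectedFields` list and the `useMasterKey` flag are assumptions for the illustration.

```javascript
// Added illustration, not Parse Server's code. Field naming (leading
// underscore = internal), the protectedFields list and the useMasterKey
// option are assumptions chosen for this example.

// Internal fields are assumed to be marked by a leading underscore.
const isInternalField = (name) => name.startsWith('_');

// Walk a query "where" object and collect every field name used as a
// constraint, descending into $or / $and / $nor arrays of sub-queries.
// Dotted paths such as "phone.number" are reduced to the top-level field.
function collectConstrainedFields(where, out = new Set()) {
  if (!where || typeof where !== 'object') return out;
  for (const [key, value] of Object.entries(where)) {
    if (key === '$or' || key === '$and' || key === '$nor') {
      if (Array.isArray(value)) {
        value.forEach((sub) => collectConstrainedFields(sub, out));
      }
    } else {
      out.add(key.split('.')[0]);
    }
  }
  return out;
}

// Return the fields a request without the master key may not constrain on.
function disallowedConstraints(where, { protectedFields = [], useMasterKey = false } = {}) {
  if (useMasterKey) return [];          // master key may query any field
  const blocked = new Set(protectedFields);
  return [...collectConstrainedFields(where)].filter(
    (field) => isInternalField(field) || blocked.has(field),
  );
}

// Enforce the rule: reject the whole query if any constraint is disallowed.
function validateQuery(where, options) {
  const bad = disallowedConstraints(where, options);
  if (bad.length > 0) {
    throw new Error(`query constraint on restricted field(s): ${bad.join(', ')}`);
  }
  return true;
}

// Constructed sample: a protected "email" field queried without the master key.
const sampleOptions = { protectedFields: ['email', 'phone'] };
console.log(disallowedConstraints({ email: { $exists: true } }, sampleOptions)); // [ 'email' ]
console.log(disallowedConstraints({ email: { $exists: true } }, { ...sampleOptions, useMasterKey: true })); // []
```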

Critical vulnerabilities in power distribution units

The CISA warned of seven vulnerabilities in Dataprobe's iBoot-PDU power distribution unit in its alert. CVE-2022-3183 and CVE-2022-3184 are two firmware flaws, and the remaining five vulnerabilities span CVE-2022-3185 to CVE-2022-3189. If the first two vulnerabilities are exploited, attackers will be able to interrupt essential services. The remaining five allow attackers to gain access to the administrative page and expose sensitive data.

Prototype bug bypasses Sanitizer API

Attackers managed to bypass the Sanitizer API, a built-in browser library, by means of a prototype pollution bug in the Chromium project. Using prototype pollution, attackers can manipulate an application's behavior in various ways and compromise it by abusing the rules of JavaScript. Prototype pollution can happen both on the client side (i.e., the browser) and on the server side (i.e., Node.js servers).
