Threat Advisory – July 14 – 20

Android Trojan

CySec News

Juniper Networks has pushed security updates addressing several vulnerabilities across multiple products, some of which could be exploited to take control of affected systems. The most critical flaws affect Junos Space and Contrail Networking; Juniper urges customers to update to releases 22.1R1 and 21.4.0, respectively.

Reference: https://thehackernews.com/2022/07/juniper-releases-patches-for-critical.html


A new method for leaking information across air-gaps uses Serial Advanced Technology Attachment (SATA) cables as the transmission medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic covert channels already demonstrated for exfiltrating data. The technique, dubbed SATAn by Ben-Gurion University researcher Mordechai Guri, turns the cable into a makeshift antenna radiating in the 6 GHz band; the attacker needs malware on the isolated host to modulate disk activity and a receiver within roughly a metre of the machine.

Reference: https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html


Researchers tracking advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey report that journalists and media organizations remain a constant target for state-aligned actors. The adversaries either impersonate journalists in phishing lures or attack media organizations directly, because these targets have unique access to non-public information that can expand a cyberespionage operation.

Reference: https://www.bleepingcomputer.com/news/security/hackers-pose-as-journalists-to-breach-news-media-org-s-networks/


The Russian state-sponsored hacking group known as APT29 has been attributed to a new phishing campaign that abuses legitimate cloud services such as Google Drive and Dropbox to stage and deliver its malicious payloads, blending the download traffic in with normal use of those services.

Reference: https://thehackernews.com/2022/07/russian-hackers-using-dropbox-and.html


Google has removed dozens of fraudulent apps from the official Play Store that were found distributing the Joker, Facestealer, and Coper malware families through the marketplace.

Reference: https://thehackernews.com/2022/07/several-new-play-store-apps-spotted.html


A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to steal passwords and hijack users' sign-in sessions, bypassing multifactor authentication (MFA) even where it was enabled. An AiTM site proxies the real login page, so the victim completes the MFA challenge normally while the attacker captures the resulting session cookie; replaying that cookie grants access without any further authentication. The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and run follow-on business email compromise (BEC) campaigns against other targets. According to Microsoft's threat data, the AiTM phishing campaign has attempted to target more than 10,000 organizations since September 2021.

Reference: https://otx.alienvault.com/pulse/62cfdae1d229bd7943e0efee
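The tell-tale artifact of the AiTM technique above is a session that satisfied MFA on one network and is then reused from another. The following detection logic is an added example written for this advisory, not code from Microsoft or from the referenced report; the log format, field names (user, ip, asn, session, mfa) and the sample sign-in lines are constructed for illustration and do not match any product's schema.

```python
"""Flag MFA-bearing sessions that are reused from a different network shortly
after the interactive MFA challenge: the signature of AiTM session-cookie replay.

Input is a constructed, simplified sign-in log (one event per line, key=value
fields). Field names are assumptions for this example, not a real log schema."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log. alice's session s-1 completes MFA from AS64500 and is
# later reused from AS64496; bob changes IP within the same ASN (benign roaming);
# carol's session has no MFA challenge within the log window.
SAMPLE_LOG = """\
2022-07-15T09:02:11Z user=alice@example.com ip=203.0.113.10 asn=AS64500 session=s-1 mfa=challenge
2022-07-15T09:40:02Z user=alice@example.com ip=203.0.113.10 asn=AS64500 session=s-1 mfa=token
2022-07-15T09:55:47Z user=alice@example.com ip=198.51.100.7 asn=AS64496 session=s-1 mfa=token
2022-07-15T10:00:00Z user=bob@example.com ip=192.0.2.55 asn=AS64501 session=s-2 mfa=challenge
2022-07-15T11:30:19Z user=bob@example.com ip=192.0.2.56 asn=AS64501 session=s-2 mfa=token
2022-07-15T12:00:00Z user=carol@example.com ip=198.51.100.7 asn=AS64496 session=s-3 mfa=token
"""


@dataclass
class SignIn:
    ts: datetime
    user: str
    ip: str
    asn: str
    session: str
    mfa: str  # "challenge": interactive MFA prompt completed; "token": satisfied by existing session cookie


def parse_log(text: str) -> List[SignIn]:
    """Parse the constructed key=value log into SignIn events, oldest first."""
    events: List[SignIn] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append(SignIn(
            ts=datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
            user=kv["user"], ip=kv["ip"], asn=kv["asn"],
            session=kv["session"], mfa=kv["mfa"]))
    return sorted(events, key=lambda e: e.ts)


def find_session_replays(events: List[SignIn],
                         window: timedelta = timedelta(hours=24)) -> List[dict]:
    """Return one alert per sign-in where a session established by an
    interactive MFA challenge is reused from a different ASN within `window`.

    ASN rather than IP is compared so that ordinary address changes inside the
    same carrier network (mobile, NAT pools) do not fire."""
    origin: Dict[str, SignIn] = {}   # session id -> event where MFA was completed
    alerts: List[dict] = []
    for e in events:
        if e.mfa == "challenge":
            origin[e.session] = e
            continue
        first = origin.get(e.session)
        if first is None:
            continue  # no MFA challenge for this session inside the log window; out of scope here
        if e.asn != first.asn and e.ts - first.ts <= window:
            alerts.append({
                "user": e.user,
                "session": e.session,
                "origin_asn": first.asn,
                "origin_ip": first.ip,
                "replay_asn": e.asn,
                "replay_ip": e.ip,
                "minutes_after_mfa": int((e.ts - first.ts).total_seconds() // 60),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(parse_log(SAMPLE_LOG)):
        print(alert)
```

The rule deliberately ignores sessions whose MFA challenge falls outside the log window (carol above); in practice those are worth a second, lower-severity rule rather than silence. Response to a hit is to revoke the session (not just reset the password), then look for the BEC follow-on: new inbox rules, forwarding, and outbound mail from the hijacked mailbox.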


In late June 2022, HP Wolf Security isolated an unusually stealthy malware campaign that used OpenDocument text (.odt) files to distribute malware. OpenDocument is an open, vendor-neutral file format supported by several popular office suites, including Microsoft Office, LibreOffice, and Apache OpenOffice, so the attachments open cleanly for most recipients while attracting less scrutiny than Office macro documents. As described in a blog post by Cisco Talos, the campaign targets the hotel industry in Latin America: targeted hotels receive emails with fake booking requests, and in one case the attached document was purportedly a guest registration form.

Reference: https://otx.alienvault.com/pulse/62d6a8c3abbfa5d5ea936d4a
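Because an .odt is a ZIP container with XML inside, a responder can triage a suspicious attachment without ever opening it in an office suite: list embedded OLE objects, macro containers, and any external references the document pulls in. The script below is an added example written for this advisory, not code from HP Wolf Security or Cisco Talos; the .odt it inspects is constructed in memory to show the kind of structure worth flagging and is not the campaign's actual document.

```python
"""Static triage of an OpenDocument text (.odt) file.

Reports embedded OLE objects, ZIP members that are OLE compound files,
Basic/script macro containers, and external (http/file/UNC) references found in
content.xml. The sample document is constructed here for illustration."""
import io
import xml.etree.ElementTree as ET
import zipfile
from typing import Dict, List

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File Binary (OLE2) header
XLINK = "{http://www.w3.org/1999/xlink}"
DRAW = "{urn:oasis:names:tc:opendocument:xmlns:drawing:1.0}"
EXTERNAL_SCHEMES = ("http://", "https://", "ftp://", "file:", "smb://", "\\\\")
MACRO_DIRS = ("Basic/", "Scripts/")  # where ODF stores StarBasic and scripting-framework macros


def build_sample_odt() -> bytes:
    """Construct a minimal .odt that embeds one OLE object, links one remote
    spreadsheet and carries a Basic module. Purely synthetic sample data."""
    content_xml = """<?xml version="1.0" encoding="UTF-8"?>
<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <office:body><office:text>
    <text:p>Guest registration form</text:p>
    <draw:frame><draw:object-ole xlink:href="./Object 1"/></draw:frame>
    <draw:frame><draw:object xlink:href="http://example.invalid/booking.xls"/></draw:frame>
  </office:text></office:body>
</office:document-content>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", content_xml)
        z.writestr("Object 1", OLE_MAGIC + b"\x00" * 64)  # stand-in OLE compound file
        z.writestr("Basic/Standard/Module1.xml", "<script/>")
    return buf.getvalue()


def triage_odt(data: bytes) -> Dict[str, List[str]]:
    """Return the suspicious structures found in an .odt given as bytes."""
    findings: Dict[str, List[str]] = {
        "ole_objects": [],       # draw:object-ole elements in content.xml
        "ole_streams": [],       # ZIP members that are OLE compound files
        "macro_containers": [],  # members under Basic/ or Scripts/
        "external_refs": [],     # xlink:href values pointing outside the document
    }
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith(MACRO_DIRS):
                findings["macro_containers"].append(name)
            if not name.endswith((".xml", ".rdf")) and z.read(name)[:8] == OLE_MAGIC:
                findings["ole_streams"].append(name)
        root = ET.fromstring(z.read("content.xml"))
        for el in root.iter():
            href = el.get(XLINK + "href")
            if el.tag == DRAW + "object-ole":
                findings["ole_objects"].append(href or "")
            if href and href.lower().startswith(EXTERNAL_SCHEMES):
                findings["external_refs"].append(href)
    return findings


if __name__ == "__main__":
    for key, items in triage_odt(build_sample_odt()).items():
        print(f"{key}: {items}")
```

Any OLE stream found this way should be handed to an OLE-aware tool (oletools' olevba/oleobj, for instance) to check for macros or packager payloads, and an external reference in a "booking request" is itself enough to quarantine the message. The same approach carries over to OOXML (.docx/.xlsx), which also embeds OLE objects inside a ZIP.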


In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite relying on simple malicious advertisements as its lure, the malware became widespread, potentially leaking browsing data from thousands of users and organizations. In the referenced article, Unit 42 researchers examine the technical details of the malware, trace the evolution between its versions and the changes in its infection process, and review new variants that had not previously been reported publicly.

Reference: https://otx.alienvault.com/pulse/62cfdc330e8f4188c32a3518

CVEs of the Week

Scores below are CVSS v2 base scores; check the current CVSS v3 vector and vendor advisory before prioritizing, since v2 understates several of the local privilege-escalation entries.

VMware

CVE-2022-31655 – Score 3.5
CVE-2022-31654 – Score 3.5

Cisco

CVE-2022-20862 – Score 4
CVE-2022-20859 – Score 9
CVE-2022-20815 – Score 4.3
CVE-2022-20813 – Score 4.3
CVE-2022-20812 – Score 8.5
CVE-2022-20808 – Score 4
CVE-2022-20800 – Score 4.3
CVE-2022-20791 – Score 4
CVE-2022-20768 – Score 3.5
CVE-2022-20752 – Score 5

Dell

CVE-2022-33936 – Score 10
CVE-2022-32481 – Score 7.2
CVE-2020-35169 – Score 7.5
CVE-2020-35168 – Score 7.5
CVE-2020-35167 – Score 7.5
CVE-2020-35166 – Score 7.5
CVE-2020-35164 – Score 7.5
CVE-2020-35163 – Score 7.5
CVE-2020-29508 – Score 7.5
CVE-2020-29507 – Score 7.5
CVE-2020-29506 – Score 7.5
CVE-2020-29505 – Score 5

Microsoft

CVE-2022-33680 – Score 5.1
CVE-2022-33675 – Score 4.6
CVE-2022-33674 – Score 5.8
CVE-2022-33673 – Score 5.5
CVE-2022-33672 – Score 5.5
CVE-2022-33671 – Score 4
CVE-2022-33669 – Score 4
CVE-2022-33668 – Score 4
CVE-2022-33667 – Score 5.5
CVE-2022-33666 – Score 5.5
CVE-2022-33665 – Score 5.5
CVE-2022-33664 – Score 4
CVE-2022-33663 – Score 5.5
CVE-2022-33662 – Score 5.5
CVE-2022-33661 – Score 5.5
CVE-2022-33660 – Score 4
CVE-2022-33659 – Score 4
CVE-2022-33658 – Score 4
CVE-2022-33657 – Score 5.5
CVE-2022-33656 – Score 5.5
CVE-2022-33655 – Score 5.5
CVE-2022-33654 – Score 4
CVE-2022-33653 – Score 4
CVE-2022-33652 – Score 4
CVE-2022-33651 – Score 4
CVE-2022-33650 – Score 4
CVE-2022-33644 – Score 4.4
CVE-2022-33643 – Score 5.5
CVE-2022-33642 – Score 6.5
CVE-2022-33641 – Score 5.5
CVE-2022-33637 – Score 4
CVE-2022-30214 – Score 6
CVE-2022-30213 – Score 2.1
CVE-2022-30187 – Score 1.9
CVE-2022-22711 – Score 4
CVE-2022-22050 – Score 7.2
CVE-2022-22049 – Score 7.2
CVE-2022-22048 – Score 6.6
CVE-2022-22047 – Score 7.2 (Windows CSRSS elevation of privilege; Microsoft reported it as exploited in the wild at release, so patch first)
CVE-2022-22045 – Score 6.9
CVE-2022-22043 – Score 7.2
CVE-2022-22042 – Score 4
CVE-2022-22041 – Score 9
CVE-2022-22040 – Score 7.5
CVE-2022-22039 – Score 6
CVE-2022-22038 – Score 6.8
CVE-2022-22037 – Score 8.5
CVE-2022-22036 – Score 4.4
CVE-2022-22034 – Score 7.2
CVE-2022-22031 – Score 7.2
CVE-2022-22029 – Score 6.8
CVE-2022-22028 – Score 4.3
CVE-2022-22027 – Score 6.8
CVE-2022-22026 – Score 7.2
CVE-2022-22025 – Score 5
CVE-2022-22024 – Score 5.1
CVE-2022-22023 – Score 6.9
CVE-2022-22022 – Score 3.6
CVE-2022-21845 – Score 4.7
