Updated: Nov 29, 2022
Another malicious browser extension attack on the same day. Researchers discovered two malicious Chrome extensions, both called SearchBlox, that were used to steal Roblox credentials and assets from Rolimons, a Roblox trading platform. More than 200,000 players have installed the extensions, which claim to let users find Roblox servers of their choice. Docker images are once again being used for malicious purposes, as security researchers discovered a stack of over 1,600 images containing backdoors, DNS hijackers, and cryptocurrency miners.
In terms of security updates, Google issued an emergency patch to address a zero-day vulnerability in the desktop version of Chrome. Already exploited in the wild, this is the eighth Chrome zero-day patched in 2022.
Top Breaches Reported in the Last 24 Hours
WhatsApp user data is being sold
Security experts are looking into a dataset that appears to contain information from nearly 500 million WhatsApp users from 84 different countries. Prices for the data range from $2000 to $7000 on cybercrime forums. The threat actor claims that the dataset contains over 32 million US user records.
DDoS attack on EU website
The European Parliament website was temporarily unavailable due to a DDoS attack launched by Russian hackers. Killnet, a pro-Kremlin group, has claimed responsibility for the attack.
Sonder reveals a data breach
Hospitality company Sonder confirmed a data breach that has potentially compromised guest records. Sonder learned of unauthorized access to one of its systems on November 14. The impacted records belong to those guests who made bookings prior to October 2021. The data included usernames and encrypted passwords, names, phone numbers, dates of birth, addresses, and email addresses of guests.
Top Malware Reported in the Last 24 Hours
SearchBlox malicious extension
Two malicious Google Chrome extensions, both under the name SearchBlox and installed by more than 200,000 users, were discovered stealing Roblox credentials as well as assets on Rolimons. These extensions were distributed via the Chrome Web Store and claimed to let players search Roblox servers at blazing speed, but both contained a backdoor.
Malware-infested Docker images
Over 1,600 publicly available Docker Hub images were found to carry malicious payloads used to launch cryptocurrency mining and DNS hijacking attacks. These compromised Docker images were also used to deploy backdoors and redirect victims to phishing websites. A few of the images had SSH keys, AWS credentials, GitHub tokens, and NPM tokens embedded in them to gain backdoor access to a victim’s network.
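As an added example (not code from the article or the researchers), a minimal check a defender can run over a pulled image: each layer of a saved Docker image is a tar archive, and this scans one layer for the credential types named above. The regexes approximate the public token formats and are assumptions, as is the constructed sample layer.

```python
import io
import re
import tarfile

# Assumed approximations of the public formats for the credential kinds the report lists.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "ssh_private_key": re.compile(rb"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----"),
    "github_token": re.compile(rb"gh[pousr]_[A-Za-z0-9]{36}"),
    "npm_token": re.compile(rb"npm_[A-Za-z0-9]{36}"),
}


def scan_layer(layer_bytes, max_file_size=1_000_000):
    """Scan one image layer (a tar archive) and return (path, secret_type) hits.

    Files above max_file_size are skipped so a large binary cannot stall the scan.
    """
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.size > max_file_size:
                continue
            data = tar.extractfile(member).read()
            for secret_type, pattern in SECRET_PATTERNS.items():
                if pattern.search(data):
                    hits.append((member.name, secret_type))
    return hits


def build_sample_layer():
    """Constructed sample layer: one benign file plus two planted secret-like files."""
    files = {
        "app/config.yml": b"listen: 0.0.0.0:8080\n",
        "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
        "root/.aws/credentials": b"[default]\naws_access_key_id = AKIAEXAMPLEEXAMPLE00\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for path, secret_type in scan_layer(build_sample_layer()):
        print(f"{secret_type}: {path}")
```

For a real image, `docker save` writes the layers as nested tar archives inside the output; feed each layer's bytes to `scan_layer`.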
Top Vulnerabilities Reported in the Last 24 Hours
Chrome updated to fix a zero-day flaw
Google released an emergency security update for the desktop version of the Chrome browser to address a zero-day vulnerability that is being exploited in the wild. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in the GPU component. Attackers can exploit the flaw to overwrite the application’s memory, manipulate the execution path, and achieve arbitrary code execution.