Cyware Daily Threat Intelligence August 12, 2021

Threat actors are having a field day with trojans and cryptocurrency miners. In the past 24 hours, researchers have uncovered a new AdLoad trojan variant targeting Macs in an ongoing attack campaign that has been active since November 2020. Separately, JDWPMiner has been found assisting its operators in a malicious mining campaign that exploits an RCE vulnerability in JDWP.

Look out, your router could be at risk of cyberattacks as researchers disclose the PoC of a newly discovered authentication bypass vulnerability. A recent investigation reveals that attackers have begun exploiting the critical vulnerability in the wild to launch attacks.

Top Breaches Reported in the Last 24 Hours

Waste Management Resources affected
A data breach at Waste Management Resources exposed the health information of its employees. The exposed information included names, Social Security numbers, dates of birth, and bank account numbers of employees. The incident occurred in January.

Data Breach at Georgia hospital
St. Joseph’s/Candler (SJ/C) hospital system in the state of Georgia is notifying its patients about a ransomware attack that lasted six months. Following the attack, employees were forced to use pen and paper to complete documentation. The investigation reveals that the attackers had gained unauthorized access to sensitive information belonging to both SJ/C patients and employees.

Top Malware Reported in the Last 24 Hours

New AdLoad malware variant
A new variant of the AdLoad trojan is slipping past Apple’s YARA signature-based XProtect antivirus to infect Mac systems. Researchers have linked the malware variant to an ongoing attack campaign that has been active since November 2020.

JDWPMiner mining trojan
Researchers detected a malicious attack that exploited an RCE vulnerability in JDWP to spread malware dubbed JDWPMiner. The purpose of the attack was to mine cryptocurrencies on vulnerable systems.

StealthWorker botnet attack
The StealthWorker botnet is targeting Synology NAS devices with brute-force attacks that could lead to ransomware intrusions. The company has notified Taiwan CERT and potentially affected customers about the attack.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Legacy AT&T Xmill
Multiple vulnerabilities discovered in AT&T Labs’ Xmill utility can allow attackers to launch a variety of malicious attacks. The flaws involve memory corruption in the application and can lead to remote code execution. They affect version 0.7 of the utility, which, according to AT&T, is no longer supported.

Vulnerable cPanel & WHM
The web hosting platform cPanel & WHM has been found to be vulnerable to remote code execution and cross-site scripting vulnerabilities. Patches for these flaws are yet to be released.

Another unpatched Print Spooler vulnerability
Microsoft has issued a warning about an unpatched Windows Print Spooler vulnerability that can lead to remote code execution. Tracked as CVE-2021-36958, the vulnerability exists because the Windows Print Spooler service improperly performs privileged file operations. In other news, one of the two previously disclosed PrintNightmare vulnerabilities has been exploited by the Magniber ransomware to breach Windows systems in South Korea.

Flaws in SAP products
SAP has released 19 new security advisories, covering nine critical vulnerabilities that affect multiple products. One of the critical vulnerabilities is an unrestricted file upload issue (CVE-2021-33698) affecting SAP Business One.

Intel patches high-severity flaws
Intel has released six new security advisories to inform customers about a total of 15 vulnerabilities found across several products. One of these flaws affects Intel NUC 9 Extreme laptop kits and can be exploited by attackers to escalate privileges. The other affected products include NUC Pro Chassis Element AverMedia Capture Card drivers, Optane Persistent Memory, graphics drivers, and 800 series network adapters and controllers.

Authentication bypass bug in routers
Millions of routers are at risk of attack from a critical vulnerability that circumvents the authentication process. The flaw is tracked as CVE-2021-20090 and has a CVSS score of 9.9. The affected vendors include Asus, British Telecom, Deutsche Telekom, Orange, Verizon, Telstra, and Telus. Researchers believe that attackers started exploiting the vulnerability two days after the release of the PoC.


Posted on: August 12, 2021
