Cyware Daily Threat Intelligence August 25, 2021


Backdoors are hard to spot, but not for those who are using them. A new undocumented modular backdoor dubbed SideWalk associated with the SparklingGoblin threat actor group has come under the lens of security analysts. Claimed to be similar to the CrossWalk backdoor, the malware was used in a recent campaign targeting organizations in the U.S.

The rising popularity of digital currency has again come under threat as OpenSea users are being tricked into losing their funds and NFTs in an ongoing phishing attack. The attackers are pretending to be official support representatives for the marketplace and providing fake assistance to users in need over Discord. More details about the Pysa ransomware operation have also emerged in the past 24 hours, with the discovery of a PowerShell script used by the gang.

Top Breaches Reported in the Last 24 Hours

Data breach at Chico State University
A data breach at Chico State University exposed the personal information of around 130 students. The exposed information included names, phone numbers, and the COVID-19 vaccination status of the students.

Pysa ransomware woes
A PowerShell script used by the Pysa ransomware gang shows that the group seeks out files containing victims' financial or personal information. The script includes a list of 123 keywords that help the threat actors perform manual sweeps of data.

OpenSea users targeted
OpenSea users are being targeted in an ongoing phishing attack that steals their cryptocurrency funds and NFTs. The attackers pretend to be official support representatives for the marketplace and provide fake assistance to users in need over Discord.

Top Malware Reported in the Last 24 Hours

New SideWalk backdoor
A newly discovered SideWalk backdoor was used in a recent campaign that targeted U.S. organizations. The malware shares similarities with the CrossWalk backdoor and leverages Google Docs as a dead drop resolver and Cloudflare workers for C2 communications. The malware is believed to be a work of the SparklingGoblin threat actor group.

The return of Joker malware
Several Android apps have been identified hiding Joker malware that is capable of stealing information and even users’ funds. Some of the affected apps include Auxillary Message, Element Scanner, Fast Magic SMS, Free CamScanner, Go Messages, Great SMS, Private SMA, Style Photo Collage, Paper Doc Scanner, and Blue Scanner.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable ConnectedPDF service
A remote code execution vulnerability impacting Foxit PhantomPDF can be abused to inject malicious code onto affected systems. The flaw exists within the ConnectedPDF service and has a CVSS score of 7.5. It received a patch in July 2021.

OpenSSL vulnerability
A buffer overflow vulnerability discovered in the OpenSSL Project has been patched with the release of version 1.1.1l. The flaw, tracked as CVE-2021-3711, could be exploited by attackers to change an application’s behavior or cause the app to crash.
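Since the item above identifies the fix only by release number, a quick fleet check is whether each host's OpenSSL build is at or past 1.1.1l. The following script is an added example written for this briefing, not code from Cyware or the OpenSSL project: it parses the output of `openssl version`, compares the 1.1.1 patch letter against the fixed release named above, and lists hosts still exposed. The hostnames and version strings are constructed sample data, and the check deliberately covers only the 1.1.1 series (other series return None rather than a guess).

```python
import re

# Fixed release named in the briefing for CVE-2021-3711.
PATCHED_VERSION = "1.1.1l"

# Constructed sample: hostname -> output of `openssl version` on that host.
SAMPLE_REPORTS = {
    "web-01": "OpenSSL 1.1.1k  25 Mar 2021",
    "web-02": "OpenSSL 1.1.1l  24 Aug 2021",
    "build-box": "OpenSSL 1.1.1  11 Sep 2018",
    "lab-vm": "OpenSSL 3.0.0-beta2",
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_openssl_version(text):
    """Parse 'OpenSSL 1.1.1k  25 Mar 2021' (or a bare '1.1.1k') into (1, 1, 1, 'k').

    The trailing patch letter is kept as a string: '' (the .0 release) sorts
    before 'a', and 'k' before 'l', so plain tuple comparison orders releases.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def is_vulnerable_to_cve_2021_3711(version_text):
    """True if the build is a 1.1.1 release older than 1.1.1l, False if patched.

    Returns None for any other series: this check only knows the fix boundary
    the briefing gives for 1.1.1, so it refuses to guess elsewhere.
    """
    v = parse_openssl_version(version_text)
    if v[:3] != (1, 1, 1):
        return None
    return v < parse_openssl_version(PATCHED_VERSION)


def audit(reports):
    """Return the sorted hostnames whose OpenSSL is still below 1.1.1l."""
    return sorted(host for host, out in reports.items()
                  if is_vulnerable_to_cve_2021_3711(out) is True)


if __name__ == "__main__":
    for host in audit(SAMPLE_REPORTS):
        print(f"{host}: OpenSSL below {PATCHED_VERSION}, CVE-2021-3711 not fixed")
```

One caveat when running this against real hosts: distribution packages often backport the fix while keeping the upstream version string (a build may report 1.1.1k yet carry the patch), so a hit from this check should be confirmed against the package changelog rather than treated as final.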

New iOS zero-day exploit
A new Apple iOS zero-click vulnerability has been exploited to hijack data from fully patched iPhones belonging to targets in Bahrain. Researchers claim that the exploit for this vulnerability, dubbed FORCEDENTRY, is capable of defeating the BlastDoor sandbox.

Top Scams Reported in the Last 24 Hours

New Hampshire town loses $2.3 million in scam
A New Hampshire town announced that it lost $2.3 million to multiple impersonation scams. In one of them, the scammers posed as school district staff and forged documents to steal around a million dollars from the district. Several weeks later, cybercriminals used the same approach to steal a payment intended for contractors working on the Main Street Bridge project.


Posted on: August 25, 2021

