Cybercriminals appear to be losing interest in the Cobalt Strike penetration testing suite for their evil deeds. Threat actors have found alternatives in the open-source, cross-platform kit, Sliver. Healthcare and education sectors are once again under increasing threat from a new ransomware family, dubbed Agenda by researchers. Its ransom amount ranges between $50,000 and $800,000. It is suspected that threat actors behind Agenda might be offering ransomware services to affiliates outside their group.
Besides, the CISA warned organizations and agencies to patch a critical ICS-based RCE vulnerability in one of Delta Electronics products used for designing and programming HMIs. Also, this product has reached EOL; it is advised to switch to supported software.
Top Breaches Reported in the Last 24 Hours
LastPass fails security check
Hackers embezzled certain source code and technical information from the networks of password management service, LastPass. A hacker was able to gain access to part of the LastPass development environment via a compromised developer account. It stated that no customer data or encrypted passwords were accessed or stolen during the incident.
Top Malware Reported in the Last 24 Hours
Hackers move on from Cobalt Strike
Several state-sponsored groups and cybercrime gangs are hopping on to the Go-based Sliver security testing tool made by the cybersecurity company BishopFox, instead of using Cobalt Strike. Two threat groups, DEV-0237 and APT29 were observed using the Sliver tool. The former attempted to drop various ransomware payloads, such as Ryuk, Hive, Conti, and BlackCat, via malware including TrickBot and BazarLoader.
Agenda: A new ransomware family
Trend Micro took the wraps off of a new ransomware family, Agenda. Written in Golang, it has targeted Windows-based systems in the healthcare and education sectors in Indonesia, South Africa, Saudi Arabia, and Thailand. It reportedly asks for ransom ranging from $50,000 to $800,000 from its victims.
Top Vulnerabilities Reported in the Last 24 Hours
Delta Electronics’ bug in CISA’s book
The CISA added 10 security bugs to its Known Exploited Vulnerabilities Catalog, including a high-severity RCE flaw in the Delta Electronics DOPSoft 2 software. Tracked as CVE-2021-38406, it is an out-of-bounds write issue that can be exploited by making the targeted user open a malicious file. There is no data on the exploitation of the bug in the wild.
CERT-In points out flaw
A path traversal vulnerability in RarLab’s UnRAR may impact Linux and Unix systems, warned CERT-In. The bugs can be exploited to execute arbitrary code on the targeted systems. Additionally, a critical vulnerability in the Realtek software development kit was also highlighted. The zero-click bug exists due to improper bounds checking by the SIP ALG function. Users are requested to update their software to the patched version.