Go to listing page

Cyware Daily Threat Intelligence, December 14, 2021

Cyware Daily Threat Intelligence, December 14, 2021

Share Blog Post

While security teams around the globe are scrambling to fix the critical Log4Shell vulnerability, its ubiquity has put the internet on high alert as attackers ramp up their efforts to target vulnerable systems. A new report reveals that threat actors are now exploiting the flaw to target Windows machines with Khonsari ransomware and Orcus trojan. Feeling tense already? Here’s another worrying news. There are more than 10 malware families that can be propagated by exploiting the vulnerability. Highlighting the severity of the situation, the CISA has warned that hundreds of millions of devices are likely at risk of cyberattacks.

Amidst these evolving threats, organizations continue to build security by issuing updates for their applications. Google announced a Chrome 96 update that patches five vulnerabilities, including a zero-day flaw. Apple rolled out a new version of iOS 15 that addresses 42 security flaws.

Top Breaches Reported in the Last 24 Hours

Kronos service outage
Kronos, the workforce management platform, has been hit with a ransomware attack that left some of its cloud services unavailable for several weeks. This has affected the payroll systems and other HR activities of its customers such as Tesla, Puma, and YMCA, among others.

Top Malware Reported in the Last 24 Hours

Khonsari ransomware
Attackers are making attempts to exploit the critical Log4Shell vulnerability to infect Windows systems with Khonsari ransomware and Orcus trojan. The ransomware uses the .khonsari extension to append the encrypted files and later displays a ransom note to victims.

TinyNuke malware campaign
TinyNuke banking trojan has resurfaced in a new attack campaign that targets French users and organizations. The attack uses invoice-themed emails as a lure to target individuals. Organizations in manufacturing, technology, construction, and business services are the primary targets of the trojan.

New Owowa malware
Owowa is a new malware that targets Microsoft Exchange servers. The malware is capable of stealing credentials from the OWA login page and allowing attackers to run commands on the underlying server.

Top Vulnerabilities Reported in the Last 24 Hours

CISA’s warning for Log4Shell
The CISA has warned that the severe Log4Shell vulnerability is likely to affect hundreds of millions of devices worldwide. The zero-day remote code execution flaw can allow an attacker to take over affected devices.

Apple issues security updates
Apple has rolled out iOS 15.2 that includes security patches for 42 vulnerabilities. Many of these flaws could lead to remote code execution attacks by sending malicious images or audio files. The code execution flaws affect ColorSync, CoreAudio, ImageIO, Model I/O, and WebKit components. Among the other vulnerabilities are use-after-free flaw, memory corruption flaw, and buffer overflow issue.

Chrome 96 updated
An updated version of Chrome 96 includes patches for five vulnerabilities, including a zero-day flaw that has been exploited in real-world attacks. The zero-day flaw, tracked as CVE-2021-4102, is identified as a use-after-free issue in the V8 JavaScript engine.

 Tags

tinynuke banking trojan
log4shell vulnerability
webkit component
orcus trojan
coreaudio component
owowa malware
khonsari ransomware

Posted on: December 14, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.