
Cyware Daily Threat Intelligence, December 16, 2021

It’s a game of whack-a-mole for security teams addressing one of the worst security flaws of the year, Log4Shell. Researchers have now warned about a third separate security weakness in Log4j version 2.15.0 that can allow the exfiltration of sensitive data in certain circumstances. Unfortunately, the recently discovered second flaw affecting the logging utility has grabbed the attention of threat actors and is currently being exploited in the wild.

A new backdoor named Aclip has surfaced in the last 24 hours. One of the latest entries in the MuddyWater group’s arsenal, the malware is being used in an attack campaign to steal airline data.

The notorious Emotet malware is back again on the threat heatmap as it resumes direct deployment of Cobalt Strike beacons for rapid cyberattacks.

Top Breaches Reported in the Last 24 Hours

Hackers steal $135 million
Users of the blockchain gaming company Vulcan Forged have been affected by a hacking incident. The attackers made off with around $135 million after stealing the private keys for 96 wallets.

Top Malware Reported in the Last 24 Hours

New Aclip backdoor
Aclip is a new backdoor malware that is being used by the MuddyWater threat actor group to steal airline data. The attack campaign abuses the Slack API to evade detection. The malware is executed via a Windows batch script named ‘aclip.bat’. Upon execution, the backdoor collects basic system information such as hostname, username, and external IP address.
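A defender reading the item above has two observable hooks: a batch script with a known file name, and a non-chat process talking to the Slack API. The detection sketch below is an added example written for this briefing, not code from Cyware or from the researchers who reported Aclip. The event records are constructed by hand, the field names are assumed to resemble a Sysmon-style process and network feed rather than any real product's schema, and the allowlist of processes expected to reach slack.com is an assumption to be tuned per environment.

```python
"""Detection sketch: known-bad batch script plus unexpected Slack API traffic.

Added example for the Aclip item. Events below are constructed, and the field
names (event, image, cmdline, pid, dest_host) are an assumed schema.
"""
import os
import re

# Processes that normally reach slack.com on a workstation. Assumption: tune to
# your own fleet; anything else connecting to Slack is worth a look.
EXPECTED_SLACK_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Batch script file name reported for the Aclip loader in the briefing.
KNOWN_BAD_SCRIPTS = {"aclip.bat"}

SLACK_HOST_RE = re.compile(r"(^|\.)slack\.com$", re.IGNORECASE)
BAT_PATH_RE = re.compile(r"[\w.\\:-]+\.bat", re.IGNORECASE)

# Constructed sample events: one cmd.exe instance runs aclip.bat and then opens
# a connection to slack.com; the legitimate Slack client does the same connect.
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4120,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c "C:\\Users\\Public\\aclip.bat"'},
    {"event": "network_connect", "pid": 4120,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "dest_host": "slack.com", "dest_port": 443},
    {"event": "process_create", "pid": 5000,
     "image": "C:\\Program Files\\Slack\\slack.exe", "cmdline": "slack.exe"},
    {"event": "network_connect", "pid": 5000,
     "image": "C:\\Program Files\\Slack\\slack.exe",
     "dest_host": "slack.com", "dest_port": 443},
]


def basename_lower(path):
    """Return the lowercase file name from a Windows or POSIX path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def find_suspicious(events):
    """Return (pid, reason, detail) tuples for events matching either rule."""
    findings = []
    script_pids = set()  # pids that executed a known-bad script
    for ev in events:
        if ev["event"] == "process_create":
            for script in BAT_PATH_RE.findall(ev["cmdline"]):
                if basename_lower(script) in KNOWN_BAD_SCRIPTS:
                    script_pids.add(ev["pid"])
                    findings.append((ev["pid"], "known-bad batch script", script))
        elif ev["event"] == "network_connect":
            proc = basename_lower(ev["image"])
            if SLACK_HOST_RE.search(ev["dest_host"]) and proc not in EXPECTED_SLACK_CLIENTS:
                # Escalate when the same pid already ran a flagged script.
                reason = ("script host reaching Slack after known-bad script"
                          if ev["pid"] in script_pids
                          else "unexpected process reaching Slack")
                findings.append((ev["pid"], reason, ev["image"]))
    return findings


if __name__ == "__main__":
    for pid, reason, detail in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason} ({detail})")
```

The file-name rule is brittle on its own, since a renamed script evades it; the second rule is the durable one, because it keys on behaviour (a script interpreter or shell reaching a collaboration API) rather than on a name.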

Emotet returns
Emotet is back in a new campaign. It is directly installing Cobalt Strike beacons in an attempt to expand cyberattacks. The penetration tool can be used by threat actors to spread laterally through a network, steal files, and deploy malware.

New variant of Phorpiex botnet found
A new variant of the Phorpiex botnet, called Twizt, was found targeting cryptocurrency users in 93 countries, including Ethiopia, Nigeria, and India. As many as 969 transactions have been intercepted by the new malware.

Top Vulnerabilities Reported in the Last 24 Hours

Third new flaw discovered affecting Log4j
A new, separate security weakness affecting Log4j version 2.15.0 has been found by researchers. The flaw, for which technical details are yet to be disclosed, can be exploited to exfiltrate sensitive data in certain circumstances. It is not clear whether the issue has been fixed in version 2.16.0.

New combo-chips attack
Researchers have demonstrated a new attack technique called ‘combo-chips’ that leverages both Wi-Fi and Bluetooth chips. The attack can allow attackers to exfiltrate passwords and manipulate traffic on a user’s phone.

Posted on: December 16, 2021