Cyware Daily Threat Intelligence, December 18, 2020

The cybersecurity landscape is full of surprises, especially when it comes to new malware and attack methods. Lately, researchers have deciphered a new SocGholish attack technique that can help cyber crooks impersonate software updates to trick users into executing malicious ZIP files. The software impersonated includes legitimate browsers, Flash, and Microsoft Teams.

There has also been a discovery of a new ransomware called CoderWare that is being distributed via fake Android and Windows installers for the Cyberpunk 2077 game. The ransomware uses the RC4 algorithm to encrypt files.

Top Breaches Reported in the Last 24 Hours

NSA warns about cloud attacks
The US National Security Agency has issued a security advisory to warn people about two techniques that are being used to extend a compromise of local networks into cloud-based infrastructure. The advisory comes on the heels of the massive SolarWinds supply chain hack that has hit several US government agencies and private firms.

250,000 customers’ data affected
An ethical power supplier has revealed that the details of its 250,000 customers have been affected due to a security flaw in its IT system. The hackers exploited the flaw in order to steal data from the system.

Top Malware Reported in the Last 24 Hours

CoderWare ransomware
Cybercriminals have been distributing fake Android and Windows installers for the Cyberpunk 2077 game that install a ransomware called CoderWare onto the victims’ devices. These installers are distributed through cracks for copyrighted software and cheats.

Fake TousAntiCovid app
An unknown threat actor is making attempts to scam people using a fake COVID contact-tracing app called TousAntiCovid. The app is being used to distribute the Cerberus trojan.

Top Vulnerabilities Reported in the Last 24 Hours

Contact Form 7 flaw
A potential unrestricted file upload vulnerability in Contact Form 7 has been found to affect 5 million WordPress sites. Attackers can exploit the vulnerability to upload a file that can be executed as a script file on the underlying server. The flaw has been addressed with the release of Contact Form 7 version 5.3.2.

Crypto authentication bypass
A severe authentication bypass vulnerability in Bouncy Castle can allow an attacker to gain access to user or administrator accounts due to a cryptographic weakness. The flaw is tracked as CVE-2020-28052 and exists in the OpenBSDBcrypt class of Bouncy Castle, which implements the Bcrypt password hashing algorithm.

SocGholish attack
Researchers have uncovered a highly active attack framework called SocGholish that impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files. Its iFrame technique helps attackers get around basic web filtering based on website categories, because the fake updates are delivered from sites in legitimate categories.

Posted on: December 18, 2020
