There has been an evolution in fileless techniques employed by threat actors. A new RAT, dubbed DarkWatchman, has emerged in the cybercrime underground that hides in the Windows Registry to slip past security solutions. The malware is distributed via specially crafted phishing emails to target Russian companies.
In the latest update on the Log4j2 vulnerability, Apache has released a new version of the software utility following the discovery of a Denial of Service (DoS) flaw. Meanwhile, a lesser-known ransomware named TellYouThePass has resurfaced to exploit the flaw to target both Linux and Windows systems.
Top Breaches Reported in the Last 24 Hours
The U.S. Commission on International Religious Freedom (USCIRF) was reportedly targeted by a backdoor that compromised its internal network. The attack, described as a classic APT-type operation, was launched to exfiltrate information exchanged with other government agencies.
Sporting websites affected
Around 1.8 million customers’ credit details were stolen following a cyberattack on four popular sporting goods websites. The affected firms are Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC, and Skate Warehouse LLC. Investigations revealed that the stolen information included full names, financial account numbers, and website account passwords of customers.
Clop ransomware targets UK police
Operators of the Clop ransomware stole confidential information from the UK police and leaked it on the dark web. The attack took place in October. The stolen data included information managed by Dacoll, including that of the Police National Computer (PNC), which holds 13 million records of personal information.
Top Malware Reported in the Last 24 Hours
New DarkWatchman malware
TellYouThePass ransomware emerges
The TellYouThePass ransomware has re-emerged to exploit the Apache Log4j flaw to target both Linux and Windows systems. The ransomware had remained inactive since the summer of 2020.
Top Vulnerabilities Reported in the Last 24 Hours
New Log4j patch fixes DoS flaw
Top Scams Reported in the Last 24 Hours
Threat actors are conducting a highly targeted phishing campaign targeting Pfizer. Believed to have started around August 15, the campaign has been designed to steal business and financial information from victims. The actors use PDF attachments with newly registered domains that appear as official Pfizer sites. The email accounts leverage these domains to bypass email protection solutions.