Go to listing page

Cyware Daily Threat Intelligence, December 22, 2021

Cyware Daily Threat Intelligence, December 22, 2021

Share Blog Post

The shady world of ransomware extortion is experiencing a significant upheaval as researchers notice a surge in attacks from PYSA ransomware. It has been found that the relatively new ransomware was behind 50% of attacks that occurred in November. In another concerning revelation, threat actors have created a new exploit that bypasses the patch for the MSHTML remote code execution flaw. Apparently, the updated exploit was used in a recent attack to deliver Formbook malware.

There’s an alert for WordPress admins using the ‘All in One SEO’ plugin as well. The plugin is affected by two serious vulnerabilities that can be abused by threat actors to take over unpatched websites. So, update the plugin to the latest version to prevent attacks.

Top Breaches Reported in the Last 24 Hours

Misconfigured AWS bucket issue
A misconfigured AWS S3 bucket exposed data of 700,000 citizens in Ghana. The unprotected bucket, which contained 55GB worth of data, belonged to Ghana’s National Service Secretariat.  The exposed data included program membership cards, Ghana National Health Insurance scheme, and professional IDs of individuals.

Virginia working on ransomware attack
The IT agency that serves Virginia’s legislature is still struggling with the aftermath of a ransomware attack that occurred earlier this month. The attack had disrupted operations set up for a legislative session that is set to start on January 12.

Top Malware Reported in the Last 24 Hours

PYSA dominates the threat landscape
There has been an uptick in attacks by PYSA ransomware. Research reveals that ransomware was behind 50% of attacks that occurred in November. Until September, PYSA was believed to be targeting Windows systems, but later it was found that the ransomware was ready to target Linux machines as well.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches four flaws
Microsoft has patched four vulnerabilities found in its Teams video conferencing app. The flaws could allow attackers to spoof link previews, leak IP addresses, and even access internal services. The flaws are related to SSRF vulnerability and DoS flaw, among others.

Exploit for MSHTML flaw updated
Researchers found an updated exploit for the MSHTML remote code execution flaw that bypassed the patch meant for the flaw. Threat actors had leveraged the flaw to deliver Formbook malware to Windows machines.

Flawed All in One SEO plugin fixed
Two severe vulnerabilities affecting the ‘All in One SEO’ plugin could have put more than three million WordPress websites at risk of cyberattacks. Described as authentication privilege escalation (CVE-2021-25036) and SQL injection (CVE-2021-25037), the flaws have been addressed with the release of a new version of the plugin.

Top Scams Reported in the Last 24 Hours

Users scammed of $150,000
Scammers stole $150,000 worth of crypto in a scam that leveraged a limited edition NFT from Fractal. The scam was executed through a link posted on the project’s official Discord channel. Users who followed the link were prompted to connect their crypto wallets in order to receive an NFT.

 Tags

mshtml remote code execution flaw
ghanas national service secretariate
misconfigured aws s3 bucket
pysa ransomware
all in one seo plugin
microsoft teams

Posted on: December 22, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.