Go to listing page

Cyware Daily Threat Intelligence, December 23, 2021

Cyware Daily Threat Intelligence, December 23, 2021

Share Blog Post

Exploitation attempts ramping up against Log4j vulnerabilities have put the issue on the discussion table for all organizations. In a joint effort, CISA, FBI, NSA, and a team of cybersecurity leaders have issued an elaborated advisory to mitigate the flaws as they present a severe and ongoing threat to organizations and governments around the world. Meanwhile, NVIDIA and HPE have lately confirmed that some of their products are affected by the Log4j vulnerabilities.

In the last 24 hours, a new ransomware named AvosLocker that comes with unique evasion techniques has piqued the interest of security experts. One of its tactics includes the use of AnyDesk remote IT administrator tool in Windows Safe Mode.

Top Breaches Reported in the Last 24 Hours

Azure flaw exposes source code repositories
Microsoft informed users about source code leaks due to a serious security vulnerability in the Azure App service. The flaw has affected hundreds of source code repositories. It impacted the customers who deployed the application using Local Git. Following the disclosure, the company has taken steps to fix the issue.

Monongalia Health System affected
Monongalia Health System, a hospital system in West Virginia has suffered a data breach due to a phishing attack. As a result, the hackers had access to several email accounts between May and August. These emails also included the personal information of 40,000 patients, providers, employees, and contractors.

Data of Albanians affected
Personal data of some 637,000 Albanians were leaked due to a misconfigured database. The leaky database included employment details and salary data of individuals. So far, there is no evidence of misuse of the data.

Top Malware Reported in the Last 24 Hours

Dridex found in phishing emails
A new phishing email campaign is using fake employee termination emails as a lure to distribute the Dridex trojan. The email includes a malicious Excel document, which then surprises the victim with a season’s greeting message.

New AvosLocker ransomware spotted
A newly found AvosLocker ransomware is actively targeting its victims using new evasion techniques. One of the key features includes running the AnyDesk remote IT administrator tool in Windows Safe Mode. One of the other clever techniques used by the ransomware involves targeting VMware ESXi servers by killing the virtual machines and then encrypting the files.

Top Vulnerabilities Reported in the Last 24 Hours

Updates on Log4j flaws
NVIDIA and HPE join the list of companies that confirmed their products are affected by the Log4j vulnerabilities. The flaws, in concern, are tracked as CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. Both the companies have already released patches and mitigations to resolve the vulnerabilities.

Flawed mySCADA product fixed
A dozen vulnerabilities have been addressed in the mySCADA product of myPRO. Addressed in two different advisories, the flaws could have left organizations in the energy, food, and agriculture, water, and transport sectors at risk.  

Apache patches two HTTP server flaws
The Apache Software Foundation has released an update to address two separate flaws that can be exploited by attackers to take control over systems. The flaws are tracked as CVE-2021-44790 and CVE-2021-44224. The flaws, which have CVSS scores of 9.8 and 8.2, affect the HTTP server.


 Tags

dridex malware
avoslocker ransomware
log4j vulnerabilities
myscada product
monongalia health system

Posted on: December 23, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.