The holiday season is here. Let's ensure that the guards on our systems remain intact during this vulnerable time. In the past 24 hours, threat actors have put a new spin on the Babuk ransomware strain by unleashing a new malware variant dubbed Rook. Since its first appearance on November 30, the ransomware has claimed its first victim, a Kazakh financial institution, from which 1123GB of data was stolen.
Meanwhile, the abuse of Telegram has paid off for the operators behind the Echelon infostealer. The malware, which resurfaced after a long absence, was used to steal crypto wallet credentials from Telegram users. On a lighter note, Spider-Man fans are also being targeted, in a Monero mining attack that uses fake movie downloads as a lure.
Top Breaches Reported in the Last 24 Hours
Pro Wrestling Tees affected
Pro Wrestling Tees has disclosed a data breach that affected the financial details of 31,000 of its customers. Threat actors had likely used a skimmer malware to steal credit card details along with full names and matching CVV codes.
Top Malware Reported in the Last 24 Hours
New Rook ransomware strain
Researchers have uncovered a new ransomware strain dubbed Rook. It borrows source code from Babuk and has claimed its first attack on a Kazakh financial organization. The gang has reportedly published 1123GB of stolen data on its website. It is primarily delivered via a third-party framework such as Cobalt Strike.
Echelon malware returns
Attackers are targeting the crypto wallets of Telegram users in a new espionage campaign delivering the Echelon infostealer. The malware is propagated via the Telegram handle ‘Smokes Night.’ It is capable of stealing credentials from multiple applications, including Discord, Edge, FileZilla, OpenVPN, and Outlook.
New cryptomining campaign
A new Monero mining campaign is exploiting the global buzz around the release of the ‘Spider-Man: No Way Home’ movie. Threat actors are luring users with fake movie files that can be downloaded from a Russian torrent website.
CoinSpot phishing campaign
A new phishing campaign targeting the CoinSpot cryptocurrency exchange allowed attackers to steal 2FA codes from users. The emails were sent from a Yahoo address and asked recipients to confirm or cancel a withdrawal transaction. The email body also included the transaction amount to lend legitimacy to the attack.
Blister malware attack campaign
Threat actors distributing the Blister malware have added a new evasion technique to their attack campaigns. They have disguised the malicious code using valid code-signing certificates to evade security checks. The campaign has been active since September 15.
Top Vulnerabilities Reported in the Last 24 Hours
Flywheel subdomain takeover flaw
A subdomain takeover vulnerability affecting the Flywheel WordPress hosting platform can allow attackers to wreak havoc by impersonating legitimate websites. The flaw exists due to misconfiguration issues in the platform. As a mitigation measure, users are urged to audit their DNS records.
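The DNS audit recommended above boils down to finding CNAME records whose targets no longer resolve, since a dangling CNAME at a third-party host is the precondition for a subdomain takeover. The following script is an added example for this digest, not Flywheel's tooling or anything from the original report; the zone records, host names, and the provider suffix it checks against are all constructed placeholders, and the offline resolver stands in for real DNS so the script runs without network access.

```python
"""Audit a DNS zone export for dangling CNAME records.

Example code added to this digest; not Flywheel's tooling. All names below
are constructed placeholders.
"""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample zone: (record name, type, target). Not real hosts.
SAMPLE_ZONE: List[Tuple[str, str, str]] = [
    ("www.example.test",  "CNAME", "site-a.hosting-provider.example."),
    ("blog.example.test", "CNAME", "site-b.hosting-provider.example."),  # retired site
    ("old.example.test",  "CNAME", "legacy.example.test."),              # stale internal alias
    ("shop.example.test", "A",     "192.0.2.10"),
    ("mail.example.test", "MX",    "10 mx.example.test."),
]

# Constructed provider suffix: targets under a third-party host that no longer
# resolve are the takeover case, because someone else may be able to claim them.
THIRD_PARTY_SUFFIXES = ("hosting-provider.example",)

# Constructed stand-in for DNS so the audit runs offline.
KNOWN_HOSTS: Dict[str, str] = {
    "site-a.hosting-provider.example": "192.0.2.20",
    "mx.example.test": "192.0.2.30",
}


def offline_resolve(name: str) -> Optional[str]:
    """Resolve against the constructed table; None means NXDOMAIN."""
    return KNOWN_HOSTS.get(name.rstrip("."))


def live_resolve(name: str) -> Optional[str]:
    """Real resolver for use against your own zone; None on lookup failure."""
    try:
        return socket.gethostbyname(name.rstrip("."))
    except socket.gaierror:
        return None


def is_third_party(target: str) -> bool:
    host = target.rstrip(".")
    return any(host == s or host.endswith("." + s) for s in THIRD_PARTY_SUFFIXES)


def find_dangling_cnames(zone: List[Tuple[str, str, str]],
                         resolve: Callable[[str], Optional[str]]) -> List[Dict[str, str]]:
    """Return CNAME records whose target does not resolve, tagged by risk.

    'takeover-candidate': target is under a third-party provider and is gone.
    'stale': target is gone but is not a third-party host (clean it up anyway).
    """
    findings = []
    for name, rtype, target in zone:
        if rtype != "CNAME":
            continue
        if resolve(target) is not None:
            continue
        findings.append({
            "name": name,
            "target": target,
            "risk": "takeover-candidate" if is_third_party(target) else "stale",
        })
    return findings


if __name__ == "__main__":
    # Swap offline_resolve for live_resolve to audit a real zone export.
    for f in find_dangling_cnames(SAMPLE_ZONE, offline_resolve):
        print(f"{f['risk']:>18}: {f['name']} -> {f['target']}")
```

Records flagged as takeover candidates should be deleted or re-pointed before the old target is released; a stale internal alias is lower risk but still worth removing so the zone stays auditable.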
Apple addresses a bypass flaw
Apple has addressed a macOS flaw that could have allowed unauthorized apps to circumvent security checks. The flaw, tracked as CVE-2021-30853, was fixed in the macOS 11.6 update.