Go to listing page

Cyware Daily Threat Intelligence, February 03, 2021

Cyware Daily Threat Intelligence, February 03, 2021

Share Blog Post

Browser extensions are creeping their way into being a favorite attack vector for cybercriminals. A bunch of 28 malicious extensions, collectively called as CacheFlow, became a covert channel for malicious actors who intended to redirect users to arbitrary URLs, phishing sites, and unwanted ads. According to reports, the affected countries are Brazil, Ukraine, France, Argentina, Spain, and the U.S.

Meanwhile, the release of security patches for several crucial vulnerabilities is sure to bring a sigh of relief for many organizations. SolarWinds has issued patches for three severe vulnerabilities affecting its Orion and Serv-U FTP products. Also, Google has published fixes for over 40 vulnerabilities as part of its Android security bulletin for February 2021.   

Top Breaches Reported in the Last 24 Hours

Launch of a new data leak site
The Babyk ransomware operators have launched a new data leak site to publish victim’s stolen data as part of a double extortion strategy. The site currently lists the names of four victims and the leaked data for three of them. The gang has, however, claimed to not encrypt data belonging to hospitals, non-profit organizations and schools, and small businesses.

Top Malware Reported in the Last 24 Hours

Rogue extensions
New details have emerged about malicious extensions for Chrome and Edge browsers. These extensions collectively called CacheFlow were found hijacking clicks to links in search result pages to redirect unsuspecting users to phishing sites and ads. The malicious extensions include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, and VK Unblock. 

New Agent Tesla variant
A new version of Agent Tesla is targeting Microsoft’s Anti-Malware Software Interface (ASMI) to avoid detection. The new version also has an added capability of deploying a Tor client. 

Top Vulnerabilities Reported in the Last 24 Hours

Google issues 40 patches
Google has published its Android security bulletin for February 2021 that includes fixes for more than 40 vulnerabilities. Most of these flaws can lead to elevation of privilege. The flaws are found in Kernel, Qualcomm, and Media Framework components.

SolarWinds patches three flaws
SolarWinds has issued patches for three previously undisclosed severe vulnerabilities that could allow attackers to take control of Windows systems. Two of these flaws are found in SolarWinds Orion and one in Serv-U FTP. The flaws are tracked as CVE-2021-25275, CVE-2021-25274, and CVE-2021-25276.

Flawed ColdFusion rectified
Adobe has suggested a workaround for a vulnerability affecting ColdFusion. The flaw can be exploited by unprivileged users to execute arbitrary code with SYSTEM privileges.  

 Tags

agent tesla malware
solarwinds
adobe coldfusion
cacheflow
babyk ransomware

Posted on: February 03, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.