Go to listing page

Cyware Daily Threat Intelligence, February 11, 2022

Cyware Daily Threat Intelligence, February 11, 2022

Share Blog Post

Vicious tactics that helped the ModifiedElephant APT to stay under the radar for over a decade have now been uncovered by researchers. It is revealed that the group is constantly evolving its spear-phishing tactics to drop keyloggers and a wide range of trojans such as NetWire and DarkComet on infected systems.

Meanwhile, the recent rise in ransomware attacks against critical infrastructure entities has forced the CISA, FBI, and NSA to release a joint advisory for organizations. Unfortunately, the threat continues to be a matter of security concern as a TV Channel, a college, and a professional services provider came under attack in the last 24 hours.

Top Breaches Reported in the Last 24 Hours

Memorial Hermann Health attacked
The Memorial Hermann Health System is notifying patients about a cyberattack that impacted their PHI. According to the health system, the incident has affected the information of 6,260 patients. The affected information includes first names, last names, dates of birth, driver’s license numbers, and health insurance information of individuals. 

Pop TV affected
A cyberattack disrupted the operations of Pop TV, Slovenia’s most popular TV channel. The attack took place on February 09, following which the employees were prevented from adding new content to the platform. The incident also impacted the servers of the company’s VOYO on-demand streaming platform.

Ransomware attack at California college
Data belonging to Ohlone Community College District (OCCD) network in Fremont, California, has been compromised in a sophisticated cyberattack. This includes Social Security Numbers, dates of birth, driver’s license number, medical information, and bank account details of individuals. 

Data stolen from Optionis Group leaked
Data stolen from accounting conglomerate Optionis Group has surfaced on the dark web. Media reports suggest that the exposed data include spreadsheets for management accounts, timesheets for contractors, as well as letters associated with HM Revenue and Customs.

Top Malware Reported in the Last 24 Hours

ModifiedElephant APT pushes trojans
Detailing about the tactics of ModifiedElephant APT, researchers revealed that the attackers relied on spear-phishing emails with malicious attachments for over a decade now to launch cyberespionage campaigns. On multiple occasions, the attached documents included exploits for CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, and CVE-2015-1641. The emails were used to push keyloggers, and remote access trojans like NetWire and DarkComet, and even Android malware. 

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes WebKit flaw
Apple has released iOS, iPadOS, and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposed Apple devices to remote code execution attacks. The flaw is described as a use-after-free-memory corruption issue. This is the second actively exploited zero-day that has been fixed by Apple in the first two months of 2022. 

Moxa issues patches
Moxa has issued patches for five vulnerabilities found in MXview network management software. These vulnerabilities, which have a CVSS score of 10, can allow attackers to achieve remote code execution attacks. The flaws are tracked as CVE-2021-38452, CVE-2021-38456, CVE-2021-38460, CVE-2021-38458, and CVE-2021-38454.

 Tags

netwire
optionis group
memorial hermann health system
darkcomet
ohlone community college district occd
webkit flaw

Posted on: February 11, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.