Go to listing page

Cyware Daily Threat Intelligence, February 12, 2021

Cyware Daily Threat Intelligence, February 12, 2021

Share Blog Post

TrickBot’s sibling, BazarBackdoor, has already begun its foray into the threat landscape. It was only yesterday that the malware downloader was in the news for its new obfuscation technique capabilities. Now, a new email phishing attack that disseminates BazarBackdoor has come to the light.

In other developments, the Avaddon ransomware gang is back in action after fixing a flaw that could have let their victims decrypt the files. Also, Lampion trojan has made a comeback with a new set of targets located in Portugal.

Top Breaches Reported in the Last 24 Hours

PrivatBank’s database on sale
A database belonging to Ukraine’s PrivatBank is being offered for sale on a popular hacking forum. It contains 40 million records that include full names, dates of birth, places of birth, passport details, and phone numbers of customers.

Vastaamo affected
Finnish therapy psychotherapy practice firm, Vastaamo, has declared bankruptcy after falling victim to a horrific security breach. The problem first began in 2018, when the firm discovered that a database of customer details and notes had been accessed by hackers.

Top Malware Reported in the Last 24 Hours

Lampion trojan returns
A new version of Lampion trojan is being used in the wild to target users in Portugal. Threat actors are leveraging the ongoing vaccination process as a channel to disseminate the trojan. It is carried out via a phishing email that includes a link impersonating ‘min-saude.pt’.

BazarBackdoor in new attack
Several people have received emails that pretend to confirm hefty orders from Ajour Lingerie and Rose World. These emails are actually part of a spear-phishing attack, which ultimately causes the download of the BazarBackdoor malware.

Avaddon ransomware fixes a flaw
The Avaddon ransomware gang has fixed a flaw that lets victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. The ransomware uses the AES256 algorithm to encrypt victims’ files.

Top Vulnerabilities Reported in the Last 24 Hours

Faulty Responsive Menu plugin
Three vulnerabilities found in the Responsive Menu WordPress plugin can lead to a site takeover, installation of backdoor, spam injections, malicious redirects, and other malicious activities. As the issues impact the versions from 4.0.0 to 4.0.3, users are advised to update to version 4.0.4.

Thirty vulnerable mHealth apps
Around 30 popular mHealth apps are vulnerable to API attacks that can allow unauthorized access to full patient records, including protected health information. While 77% of the apps contain hardcoded API keys, some of which don’t expire, 7% contain hardcoded usernames and passwords.

SQL injection flaw addressed
A severe unauthenticated SQL injection vulnerability has been patched by developers of Evolution CMS. This security flaw was caused by how the application processes SQL queries. If a user was to send crafted data, the query could be modified before landing in an Evolution database.

PayPal fixes an XSS flaw
PayPal has resolved a reflected cross-site scripting (XSS) vulnerability found in the currency converter feature of user wallets. The bug arose due to improper sanitization of user input.

Zero-day flaw receives a micropatch
A zero-day vulnerability in Internet Explorer 11, which is being exploited in the wild, has received an unofficial micropatch. Last month, the North Korean state-sponsored hacking group Lazarus had abused the flaw to target security researchers.

Microsoft fixes a 12-year-old flaw
Microsoft has also fixed a 12-year-old privilege escalation vulnerability in Windows Defender. The flaw could allow attackers to gain admin rights on unpatched Windows systems. The flaw is tracked as CVE-2021-24092 and impacts Windows Defender versions going back as far as 2009.


lampion trojan
responsive menu plugin
avaddon ransomware gang
bazarbackdoor malware

Posted on: February 12, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.