Go to listing page

Cyware Daily Threat Intelligence, February 18, 2022

Cyware Daily Threat Intelligence, February 18, 2022

Share Blog Post

Threats due to Log4j vulnerability continue to scare organizations and one such incident has been reported in the last 24 hours. The Iran-based TunnelVision APT group was found exploiting the critical Log4Shell flaw to infect unpatched VMware Horizon instances with ransomware. Organizations running the vulnerable software are on the target list of this notorious hacking group.

There’s a major update on the PseudoManuscrypt botnet that is on a mission to build armies of infected IoT devices. A majority of these infected devices, especially Windows machines, were found in South Korea and were infected since May 2021. Meanwhile, scammers are taking advantage of the crypto fever as a new scam dubbed FreeCryptoScam comes to light.

Top Breaches Reported in the Last 24 Hours

Vaping store suffers breach
Element Vape, a prominent online seller of e-cigarettes and vaping kits, has been hacked after threat actors loaded a malicious JavaScript file to steal credit card details. The infostealer deployed on the site was found collecting customers’ payment cards and billing information on checkout. The details included email addresses, phone numbers, and ZIP codes of users.

Fertility clinic attacked
A New York-based fertility clinic, Extend Fertility, is notifying patients about a recent security breach that compromised their personal details. The incident was discovered on December 20, 2021, and the compromised data includes dates of birth, usernames, dates of service, medical account number, medical history, and treatment information of patients.

Top Malware Reported in the Last 24 Hours

Update on PseudoManuscrypt botnet
In a significant revelation, researchers found that numerous Windows machines located in South Korea have been targeted by the PseudoManuscrypt botnet since at least May 2021. The botnet employs the same tactics as CryptBot. It is distributed in the form of an installer for cracked software.

Top Vulnerabilities Reported in the Last 24 Hours

Intel patches 18 flaws
Intel has issued 22 security advisories for 18 security flaws, seven of which are rated high severity. Most of these flaws can be exploited for privilege escalation. Others can lead to information disclosure or a Denial of Service (DoS). The flaws impact Kernelflinger open source project, Intel Quartus Prime components, PROSet/Wireless WiFi and Killer WiFi products, AMT SDK, Setup and Configuration Software (SCS), and Management Engine BIOS eXtensions (MEBx).

Log4j flaw exploited
Researchers have tracked a new campaign in the wild that exploits the Log4j vulnerability. The campaign is linked with the Iran-based TunnelVision APT group and is being used to deploy ransomware on machines running vulnerable VMware Horizon instances.

A serious flaw in the UpdraftPlus plugin
A patch has been issued to address a serious flaw in the UpdraftPlus plugin that has over 3 million installations. The flaw, tracked as CVE-2021-0633, could allow a logged-in user to download backups made with the plugin. It has a CVSS score of 8.5.

Flawed Snap software fixed
Six vulnerabilities discovered in Canonical’s Snap software system can be exploited to escalate privilege to an administrator level. The most severe issue is tracked as CVE-2021-44731. Users are urged to patch the software to stay protected.

Top Scams Reported in the Last 24 Hours

FreeCryptoScam
In January, researchers identified a scam, dubbed FreeCryptoScam, that targeted cryptocurrency users. The scam lured users into downloading Dark Crystal RAT by luring them into an offer of free cryptocurrency. The Dark Crystal RAT further downloaded Redline and TVRat for the further infection process.

 Tags

extend fertility
apache log4j vulnerability
updraftplus plugin
freecryptoscam
cryptbot
tunnelvision apt group

Posted on: February 18, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.