Unpatched zero-day vulnerabilities are gold mines for cybercriminals looking to take control of systems and launch a variety of attacks. One such attack, which affected about 100 companies worldwide, has come under the scanner of researchers: the Clop ransomware operators, in conjunction with FIN11, exploited multiple zero-day vulnerabilities in Accellion's File Transfer Appliance (FTA) to breach victims in mid-December 2020.
The Chinese threat actor group APT31 took exploitation to another level by cloning a Windows zero-day exploit that had been stolen from the NSA-linked Equation Group. The replicated exploit, known as Jian, was used between 2015 and 2017, before the underlying flaw was patched. That's not all. Microsoft also disclosed in-the-wild exploitation of a privilege escalation vulnerability in the Win32k kernel component before it was patched this February.
Top Breaches Reported in the Last 24 Hours
Lakehead University affected
Canadian undergraduate research university Lakehead is dealing with a cyberattack that forced the institution to cut off access to its servers. Although the extent of the attack is unclear, the university said that the attack was aimed at its file-sharing servers.
Breaching 100 companies
Threat actors associated with Clop ransomware and FIN11 have been held responsible for breaching about 100 companies through Accellion's legacy File Transfer Appliance (FTA). The attacks began in mid-December 2020 and involved the exploitation of multiple zero-day vulnerabilities in the appliance. A new web shell, named DEWMODE, was deployed on compromised appliances as part of the attack.
Ransomware at Underwriters Laboratories (UL)
A ransomware attack at Underwriters Laboratories (UL) has caused the shutdown of its systems. It is unclear which ransomware group is behind the attack and whether any files were stolen before being encrypted.
Top Malware Reported in the Last 24 Hours
Threat actors leverage Google Alerts
Threat actors are leveraging Google Alerts to promote a fake Flash Player updater that installs other unwanted programs on users' computers. The modus operandi involves creating fake stories whose titles contain popular keywords so that the pages get indexed by Google Search. Once indexed, Google Alerts notifies people who follow those keywords, directing them to the malicious pages.
New Silver Sparrow malware
Security researchers have discovered a new malware strain called Silver Sparrow on nearly 30,000 Apple Macs. The malware includes a self-destruct mechanism that can remove it from infected hosts. Infections have been found in 153 countries, including the U.S., the U.K., Canada, France, and Germany.
Top Vulnerabilities Reported in the Last 24 Hours
Windows zero-day actively exploited
A zero-day vulnerability tracked as CVE-2021-1732 has been exploited in the wild since at least the summer of 2020. It allows a local attacker to elevate privileges to the SYSTEM level by triggering memory corruption in the win32k.sys kernel component; Microsoft patched it in the February 2021 updates.
APT31 cloned EpMe exploit
Research has revealed that the Chinese threat actor group APT31 cloned and used a Windows zero-day exploit stolen from the NSA-linked Equation Group for years before the flaw was patched. The original exploit was known as EpMe; the replicated exploit, known as Jian, was used between 2015 and 2017.
Python security updates
The Python Software Foundation (PSF) has released Python 3.9.2 and 3.8.8 to address two notable security flaws, one of which is remotely exploitable. The first, CVE-2021-3177, is a buffer overflow in the ctypes module. The second, CVE-2021-23336, concerns a web cache poisoning vulnerability: urllib.parse.parse_qs and parse_qsl treated both ";" and "&" as query-string separators, so an application could interpret a query differently from a front-end cache or proxy that splits only on "&". The fix adds a separator parameter that defaults to "&" alone.