Botnet operators seem to be in a no-nonsense mood, as a new evasion technique has come under the lens of researchers. The technique, which abuses Bitcoin blockchain transactions for C2 communications, has been harnessed by attackers in a long-running cryptocurrency mining campaign.
On the emerging threats front, a new version of the MINEBRIDGE trojan with enhanced TTPs and a new social engineering lure has expanded the attack scope for its creators. Meanwhile, the Clop ransomware gang is back in the headlines for leaking data stolen from aerospace giant Bombardier.
Top Breaches Reported in the Last 24 Hours
France warns of stolen credentials
French authorities are warning the country’s healthcare sector that stolen credentials, apparently belonging to hospital workers, have been discovered for sale on the dark web. The origin of the leak is still unclear.
Bombardier’s data leaked
The Clop ransomware gang has leaked online screenshots of blueprints allegedly stolen from aerospace giant Bombardier. The gang exploited a vulnerability in Accellion’s legacy FTA file-transfer software to gain access to Bombardier’s network.
Top Malware Reported in the Last 24 Hours
Return of MINEBRIDGE RAT
Researchers have detected a new variant of the MINEBRIDGE RAT that includes new TTPs and a new social engineering lure. The malware, which is linked to the TA505 threat actor group, uses a job resume theme to lure recipients.
Botnet leverages blockchain transaction
A botnet used for cryptocurrency mining is abusing Bitcoin blockchain transactions to stay under the radar: the transaction history of a wallet serves as a takedown-resilient channel for passing C2 information to infected hosts. As part of the campaign, the threat actors have been found exploiting remote code execution vulnerabilities in Hadoop YARN and Elasticsearch (CVE-2015-1427 and CVE-2019-9028).
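To make the "blockchain as C2 channel" idea concrete, the following is an added example and not the botnet's actual code: it implements an illustrative dead-drop scheme in which the two most recent payments to a hard-coded wallet each carry two octets of the C2 IPv4 address in their satoshi value (the scheme, the wallet string and the transaction list are all assumptions constructed for this example). It shows why the trick is resilient to takedown (rotating the C2 only costs two more tiny payments) and why a defender who knows the wallet can recover the current C2 from the same public ledger.

```javascript
// Added example (not the botnet's code): an illustrative "dead drop" C2
// resolver that hides an IPv4 address in Bitcoin transaction amounts, plus
// the decoder a defender can run against a public block explorer. ASSUMED
// scheme: the two most recent payments to a hard-coded wallet each carry two
// octets of the address in their satoshi value, oldest payment first.

const WALLET = '1ExampleWalletAddressNotReal00000000'; // hypothetical address

// Operator side: split the IP into two 16-bit amounts (in satoshis).
function encodeIpAsAmounts(ip) {
  const octets = ip.split('.').map(Number);
  if (octets.length !== 4 ||
      octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return [(octets[0] << 8) | octets[1], (octets[2] << 8) | octets[3]];
}

// Bot side: turn the two amounts back into dotted-quad form.
function decodeAmountsAsIp(amounts) {
  if (amounts.length !== 2 ||
      amounts.some((a) => !Number.isInteger(a) || a < 0 || a > 0xffff)) {
    return null; // malformed dead drop: a bot would retry or fall back
  }
  const [hi, lo] = amounts;
  return [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff].join('.');
}

// Resolve the current C2 from a block-explorer style transaction list.
// Only payments *to* the wallet count; the two most recent by time are used.
function resolveC2(wallet, txs) {
  const incoming = txs
    .filter((t) => t.to === wallet)
    .sort((a, b) => a.time - b.time); // oldest -> newest
  if (incoming.length < 2) return null; // not enough payments yet
  const last2 = incoming.slice(-2).map((t) => t.value);
  return decodeAmountsAsIp(last2);
}

// Constructed sample ledger (not real transactions). The first entry is an
// older payment the scheme ignores; the next two encode 203.0.113.10; the
// last one goes to a different wallet and is filtered out.
const SAMPLE_TXS = [
  { txid: 'tx-old', to: WALLET, time: 1613000000, value: 12345 },
  { txid: 'tx-a', to: WALLET, time: 1613990000, value: 51968 }, // 0xCB00 -> 203.0
  { txid: 'tx-b', to: WALLET, time: 1614000000, value: 28938 }, // 0x710A -> 113.10
  { txid: 'tx-x', to: 'someone-else', time: 1614000500, value: 1 },
];

// Rotating the C2 costs the operator two more tiny payments. A defender who
// knows the wallet can watch the same public ledger and update blocklists.
function rotateC2(txs, newIp, time) {
  const [a, b] = encodeIpAsAmounts(newIp);
  return txs.concat([
    { txid: `rot-${time}-1`, to: WALLET, time, value: a },
    { txid: `rot-${time}-2`, to: WALLET, time: time + 1, value: b },
  ]);
}

console.log('current C2:', resolveC2(WALLET, SAMPLE_TXS));
console.log('after rotation:',
  resolveC2(WALLET, rotateC2(SAMPLE_TXS, '198.51.100.7', 1614100000)));
```

The practical takeaway for defenders is that the bots must query a block-explorer API to read the wallet, so outbound requests to such APIs from servers that have no business with cryptocurrency (Hadoop or Elasticsearch nodes, for instance) are a detection opportunity in their own right, independent of which C2 address the ledger currently encodes.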
Malicious Flash Player app
A Flash Player app distributed through the flash[.]cn website has been found installing adware on Chinese users’ devices, even though Flash Player itself has reached end of life.
Top Vulnerabilities Reported in the Last 24 Hours
SonicWall issues patches
SonicWall has released a new set of firmware patches for its SMA 100 series products, which provide workers with remote access to internal resources. The release updates an earlier alert about a vulnerability that could allow a remote attacker to take control of an affected system.
Flawed virtual event platforms
Several flaws and misconfiguration issues found in the VFairs and 6Connex virtual event platforms exposed job seekers’ identities and social media profiles. Among the issues identified are information disclosure, direct access to databases, and potential remote code execution.
Keybase resolves a flaw
Keybase has resolved a security flaw in its messaging client that could have exposed users’ private data. Tracked as CVE-2021-23827, the bug allowed attackers to obtain potentially sensitive media from the cache and uploadtemps directories.
Vulnerable Node.js library
The ‘systeminformation’ Node.js library (an npm package) is vulnerable to a high-severity command injection flaw tracked as CVE-2021-21315. The issue has been fixed in version 5.3.1.
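As an added illustration of the bug class (a generic pattern, not the systeminformation package's own code or the exact shape of CVE-2021-21315), the snippet below shows the classic Node.js command-injection mistake of splicing a caller-controlled value into a shell string, beside a hardened version that validates the value against an allow-list and builds an argument array for child_process.execFile so that no shell ever parses it. The ping command, the host validator and the attacker string are assumptions constructed for this example; nothing in it spawns a process, so the difference in what would reach the shell is visible in the return values.

```javascript
// Added example (generic pattern, NOT the systeminformation package's code):
// the Node.js command-injection shape behind many such CVEs, beside a
// hardened version. Nothing here spawns a process; the functions only build
// the command so the difference in what reaches the shell is visible.

// VULNERABLE: caller-controlled host is spliced into a shell string. Anything
// the shell treats specially (; | & $() backticks) becomes extra commands when
// this string is handed to child_process.exec(), which runs it via /bin/sh -c.
function buildPingCommandUnsafe(host) {
  return `ping -c 1 ${host}`;
}

// Allow-list validator: hostnames and IPv4 literals only. Shell
// metacharacters are rejected by construction, and a leading '-' is rejected
// so the value cannot be read as an option by ping even with no shell involved
// (argument injection is the residual risk once the shell is out of the way).
const HOST_RE = /^(?!-)[A-Za-z0-9.-]{1,253}$/;
function isSafeHost(host) {
  return typeof host === 'string' && HOST_RE.test(host);
}

// HARDENED: validate first, then build an argv array suitable for
// child_process.execFile(file, args), which passes args straight to the binary.
function buildPingArgsSafe(host) {
  if (!isSafeHost(host)) {
    throw new Error(`refusing to ping untrusted host value: ${JSON.stringify(host)}`);
  }
  return { file: 'ping', args: ['-c', '1', host] };
}

// Constructed attacker input: a valid-looking host followed by a second command.
const ATTACK = '127.0.0.1; id > /tmp/pwned';

console.log(buildPingCommandUnsafe(ATTACK)); // the shell would run both commands
try {
  buildPingArgsSafe(ATTACK);
} catch (e) {
  console.log('blocked:', e.message);
}
console.log(buildPingArgsSafe('example.com'));
```

Validation and execFile are complementary rather than alternatives: execFile removes the shell, and the allow-list removes option injection and anything else the target binary might misinterpret. For the package itself, the fix is simply to upgrade to 5.3.1 or later.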
VMware addresses flaws
VMware has addressed multiple critical remote code execution flaws in its ESXi hypervisor and its vSphere Client (vCenter Server) virtual infrastructure management platform. The flaws could enable attackers to execute arbitrary code and take control of systems. The vSphere Client flaw, identified as CVE-2021-21972, has a CVSS score of 9.8.