Go to listing page

Cyware Daily Threat Intelligence, January 05, 2022

Cyware Daily Threat Intelligence, January 05, 2022

Share Blog Post

When digital certificates go bad, then whom can you trust? That’s what has happened with thousands of users who were infected with a nasty Zloader malware. The attack was carried out by the MalSmoke threat actor group who took advantage of a flaw in a digital certificate verification method to stealthily infect over 2000 devices across 111 countries.

Well, it’s never too late to mend security flaws and that’s what Google has done with over 50 newly discovered vulnerabilities found in Android components and Chrome. These flaws were addressed in the first set of 2022 security updates. Meanwhile, the rise in attacks due to Log4j has forced the U.S. FTC to issue a new advisory for companies that are still behind in remediating the flaws.

Top Breaches Reported in the Last 24 Hours

UScellular discloses a data breach
UScellular disclosed that it suffered a data breach following a cyberattack that compromised its billing system in December 2021. This affected the personal information of around 405 customers. As a precautionary measure, the company asked the impacted individuals to reset their login credentials.

Elephant Beetle 
Researchers have decoded the modus operandi of a malicious hacking group Elephant Beetle that has been active in several organized financial-theft operations for at least four years. The attackers targeted organizations in the retail and banking sector to steal funds by diverting transactions.

Top Malware Reported in the Last 24 Hours

Zloader malware campaign
A threat actor named MalSmoke has been found exploiting Microsoft’s digital signature verification method to deploy Zloader malware. Active since November 2021, the campaign has affected thousands of victims from 111 countries and is being used to steal user credentials. The attackers used legitimate Remote Management (RMM) software named Atera to gain initial access to the target machine.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches 48 vulnerabilities
A total of 48 vulnerabilities affecting Android OS, Pixel devices, and Android Automotive OS have been addressed by Google on the first set of 2022 security updates. The most severe of these issues affect the Android runtime component and could allow attackers to bypass memory restrictions in order to gain access to additional permissions. Additionally, it has released Chrome 97 with fixes for 37 security vulnerabilities.

NoReboot technique
Researchers have published a new attack technique that can allow threat actors to maintain malware persistence on infected iPhones. Called ‘NoReboot,’ the technique leverages the iOS restart operation - taps into Springboard and Backboardd to detect and intercept a phone restart command. 

FTC warns about patching Log4j flaws
The U.S. Federal Trade Commission (FTC) has warned companies to remediate Log4j security vulnerabilities at the earliest to protect consumer data. The warning comes at a juncture when threat actors continue to exploit the flaws.  

 Tags

remote management software rmm
log4j flaw
uscellular
elephant beetle
zloader malware
malsmoke

Posted on: January 05, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.