Go to listing page

Cyware Daily Threat Intelligence, January 07, 2022

Cyware Daily Threat Intelligence, January 07, 2022

Share Blog Post

While the race is on to patch every vulnerable Java application using the Log4j logging framework, a similar zero-day flaw that exploits the Java Naming and Directory Interface (JNDI) remote class loading has been identified by researchers. This newly discovered RCE flaw affects several versions of the popular H2 Java SQL database consoles.

However, the threat due to the existing Log4Shell flaw remains prominent as the NHS reported a new incident that enabled threat actors to hack VMWare Horizon servers and plant web shells for future attacks.

A new threat has also been spotted in the ransomware landscape in the form of new Night Sky ransomware that diligently uses the double extortion tactic to extract ransom from its victims.

Top Breaches Reported in the Last 24 Hours

FlexBooker leaks 3.7 million records
The personal details of more than 3.7 million users belonging to FlexBooker were compromised after a threat actor hacked one of the company’s AWS accounts. The affected data included names, email addresses, phone numbers, password hashes, and partial credit card information of users.

Finalsite affected in a ransomware attack
Thousands of school websites around the world went offline following a ransomware attack on Finalsite. The outage occurred on January 4. The investigation is ongoing and at the time, the organization has no evidence of data being stolen.

Ravkoo discloses a data breach
Florida-based Ravkoo is notifying around 105,000 individuals about a security breach that exposed their personal information. The incident occurred due to a misconfiguration issue in an Amazon AWS bucket.

Top Malware Reported in the Last 24 Hours

New Night Sky ransomware
A new ransomware family, dubbed Night Sky, that implements a double extortion model has been uncovered by researchers. After encrypting, the ransomware appends the ‘.nightsky’ extension to encrypted file names. The ransomware gang has been in operation since December 27, 2021. It has already hacked two organizations in Bangladesh and Japan.

Top Vulnerabilities Reported in the Last 24 Hours

New Log4Shell-like vulnerability discovered
A serious RCE flaw similar to the Log4Shell vulnerability has been found to impact the popular H2 Java SQL database consoles. Tracked as CVE-2021-42392, the flaw exploits the same root cause of Log4Shell, namely Java Naming and Directory Interface (JNDI) remote class loading. The flaw affects H2 database versions 1.1.100 to 2.0.204 and has been addressed in version 2.0.206.

The exploitation of Log4Shell continues
The NHS security team disclosed a cyberattack that involved the exploitation of Log4Shell vulnerability. The hackers leveraged the flaw to hack VMWare Horizon servers and plant web shells for future attacks. To help organizations run VMware Horizon servers, the agency has released instructions on how to detect possible signs of exploitation. (Read more on Log4Shell mitigation here)

 Tags

finalsite
log4shell vulnerability
ravkoo
night sky ransomware
flexbooker
vmware horizon servers

Posted on: January 07, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.