Go to listing page

Cyware Daily Threat Intelligence, January 11, 2021

Cyware Daily Threat Intelligence, January 11, 2021

Share Blog Post

Today’s threat intelligence briefing has Log4Shell vulnerabilities written all over it. APT35 aka Charming Kitten has emerged as the latest cybercriminal group to exploit one of the Log4Shell flaws to distribute a new PowerShell-based modular backdoor dubbed CharmPower. The critical security flaws also became a reason for a security breach at Clarins. As a result, the personal information of its Singapore customers was leaked online. What’s more disturbing is that despite the release of new versions, the vulnerable and outdated versions of Log4j software were downloaded four million times in a single month. 

Never a day passes by when ransomware attacks are not making the news and today, a new version of AvosLocker is making the headlines for encrypting Linux systems by targeting VMware ESXi virtual machines.

Top Breaches Reported in the Last 24 Hours

Clarins hit by a data breach
French cosmetic company Clarins has been hit by a data breach incident that affected the personal information of Singapore customers. The incident occurred as the company failed to patch the Log4Shell vulnerabilities on time. Clarins became aware of the security breach after a staff member could not access the database. The data affected include names, addresses, email, phone numbers, and loyalty program status of customers. 

MRIoA discloses a data breach
The Medical Review Institute of America (MRIoA) notified some 134,000 individuals about a data breach that affected their personal information. The incident was discovered on November 9, 2021. The compromised data included names, gender, email addresses, phone numbers, birth dates, Social Security Numbers, and financial information of users. 

Top Malware Reported in the Last 24 Hours

New AvosLocker variant spotted
A new Linux version of the AvosLocker ransomware that targets VMware ESXi servers has been spotted by researchers. Once launched on a Linux system, the ransomware terminates all ESXi machines on the server. Later it begins the encryption process and appends the .avoslinux extension to the encrypted files. 
 
Top Vulnerabilities Reported in the Last 24 Hours

Exploitation of Log4Shell
The Charming Kitten threat actor group made attempts to exploit one of the Log4Shell vulnerabilities (CVE-2021-44228) to distribute a new PowerShell-based modular backdoor dubbed CharmPower. The attackers chose JNDI Exploit kits to send a well-crafted request to the victim’s publicly facing resource as part of the infection chain. 

Apple fixes ‘powerdir’ flaw
Microsoft has shared details about a vulnerability in Apple’s macOS that could enable attackers to gain unauthorized access to protected user data by bypassing the operating system’s Transparency, Consent, and Control (TTC) technology. Named ‘powerdir’, the flaw is identified with CVE number CVE-2021-30970. Apple fixed the issue in December 2021. 

 Tags

medical review institute of america
charming kitten group
charmpower
log4shell vulnerabilities
avoslocker ransomware
vmware esxi virtual machines
apt35

Posted on: January 11, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.